1
Candidate: CVE-2008-5357
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357
6
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6
7
Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE
8
1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow
9
remote attackers to execute arbitrary code via a crafted TrueType font
10
file, which triggers a heap-based buffer overflow.
13
kees> http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1
15
kees> vulnerable source not included in the open source JDK
22
upstream_sun-java6: needs-triage
24
gutsy_sun-java6: needed (reached end-of-life)
25
hardy_sun-java6: released (6-17-0ubuntu1.8.04)
26
intrepid_sun-java6: released (6-14-0ubuntu1.8.10)
27
jaunty_sun-java6: released (6-16-0ubuntu1.9.04)
28
karmic_sun-java6: released (6-15-1)
29
devel_sun-java6: released (6.19-0ubuntu1)
32
upstream_sun-java5: needs-triage
33
dapper_sun-java5: ignored (reached end-of-life)
34
gutsy_sun-java5: needed (reached end-of-life)
35
hardy_sun-java5: released (1.5.0-22-0ubuntu0.8.04)
36
intrepid_sun-java5: released (1.5.0-19-0ubuntu0.8.10)
37
jaunty_sun-java5: released (1.5.0-19-0ubuntu0.9.04)
42
upstream_openjdk-6: needs-triage
45
hardy_openjdk-6: not-affected (code not present)
46
intrepid_openjdk-6: not-affected (code not present)
47
jaunty_openjdk-6: not-affected (6b14-0ubuntu4)
48
karmic_openjdk-6: not-affected (6b14-0ubuntu4)
49
devel_openjdk-6: not-affected (6b14-0ubuntu4)