1
PublicDateAtUSN: 2009-11-09
2
Candidate: CVE-2009-3728
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728
6
https://usn.ubuntu.com/usn/usn-859-1
8
Directory traversal vulnerability in the ICC_Profile.getInstance method in
9
Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6
10
before Update 17, and OpenJDK, allows remote attackers to determine the
11
existence of local International Color Consortium (ICC) profile files via a
12
.. (dot dot) in a pathname, aka Bug Id 6631533.
21
upstream_sun-java6: released (6.17)
23
hardy_sun-java6: released (6.20dlj-0ubuntu1.8.04)
24
intrepid_sun-java6: needs-triage (reached end-of-life)
25
jaunty_sun-java6: released (6.20dlj-0ubuntu1.9.04)
26
karmic_sun-java6: released (6.20dlj-0ubuntu1.9.10)
27
lucid_sun-java6: released (6.20dlj-1ubuntu3)
28
maverick_sun-java6: not-affected
32
upstream_sun-java5: released (1.5.0-22)
33
dapper_sun-java5: ignored (reached end-of-life)
34
gutsy_sun-java5: needs-triage (reached end-of-life)
35
hardy_sun-java5: not-affected (1.5.0-22-0ubuntu0.8.04)
36
intrepid_sun-java5: needs-triage (reached end-of-life)
37
jaunty_sun-java5: ignored (reached end-of-life)
40
maverick_sun-java5: DNE
44
upstream_openjdk-6: released (6b17)
46
hardy_openjdk-6: released (6b18-1.8.2-4ubuntu1~8.04.1)
47
intrepid_openjdk-6: released (6b12-0ubuntu6.6)
48
jaunty_openjdk-6: released (6b14-1.4.1-0ubuntu12)
49
karmic_openjdk-6: released (6b16-1.6.1-3ubuntu1)
50
lucid_openjdk-6: not-affected (6b17~pre2-0ubuntu3)
51
maverick_openjdk-6: not-affected (6b17~pre2-0ubuntu3)
52
devel_openjdk-6: not-affected (6b17~pre2-0ubuntu3)