1
Candidate: CVE-2012-2739
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2739
5
http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
6
http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
7
http://www.openwall.com/lists/oss-security/2012/06/15/12
8
http://www.openwall.com/lists/oss-security/2012/06/17/1
9
https://usn.ubuntu.com/usn/usn-1619-1/
11
Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8
12
before build 39, computes hash values without restricting the ability to
13
trigger hash collisions predictably, which allows context-dependent
14
attackers to cause a denial of service (CPU consumption) via crafted input
15
to an application that maintains a hash table.
18
sbeattie> openjdk-6b18 in oneiric has been superceded by openjdk-6
19
sbeattie> openjdk-6b18 in lucid & natty would be superceded by
20
openjdk-6 except that openjdk-6 FTBFS on armel (LP: #1043003)
21
jdstrand> this was actually fixed in usn-1619-1 as part of the new upstream
22
releases, but it wasn't reported as such.
24
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1043003
30
upstream_sun-java6: needs-triage
31
hardy_sun-java6: ignored (upstream version is not redistributable)
32
lucid_sun-java6: DNE (removed from archive)
33
natty_sun-java6: DNE (removed from archive)
34
oneiric_sun-java6: DNE
35
precise_sun-java6: DNE
36
quantal_sun-java6: DNE
40
upstream_sun-java5: needs-triage
41
hardy_sun-java5: ignored (upstream sun-java5 is EoL)
44
oneiric_sun-java5: DNE
45
precise_sun-java5: DNE
46
quantal_sun-java5: DNE
50
upstream_openjdk-6: released (6b24-1.11.5)
51
hardy_openjdk-6: released (6b27-1.12.3-0ubuntu1~08.04.1)
52
lucid_openjdk-6: released (6b24-1.11.5-0ubuntu1~10.04.2)
53
natty_openjdk-6: ignored (reached end-of-life)
54
oneiric_openjdk-6: released (6b24-1.11.5-0ubuntu1~11.10.1)
55
precise_openjdk-6: released (6b24-1.11.5-0ubuntu1~12.04.1)
56
quantal_openjdk-6: released (6b24-1.11.5-0ubuntu1~12.10.1)
57
devel_openjdk-6: not-affected (6b24-1.11.5-0ubuntu1~12.10.1)
60
upstream_openjdk-6b18: needs-triage
61
hardy_openjdk-6b18: DNE
62
lucid_openjdk-6b18: ignored (reached end-of-life)
63
natty_openjdk-6b18: ignored (LP: #1043003)
64
oneiric_openjdk-6b18: ignored (superceded by openjdk-6)
65
precise_openjdk-6b18: DNE
66
quantal_openjdk-6b18: DNE
67
devel_openjdk-6b18: DNE
70
upstream_openjdk-7: released (7u9-2.3.3)
74
oneiric_openjdk-7: released (7u9-2.3.3-0ubuntu1~11.10.1)
75
precise_openjdk-7: released (7u9-2.3.3-0ubuntu1~12.04.1)
76
quantal_openjdk-7: released (7u9-2.3.3-0ubuntu1~12.10.1)
77
devel_openjdk-7: not-affected (7u9-2.3.3-0ubuntu1~12.10.1)