1
PublicDateAtUSN: 2014-01-15
2
Candidate: CVE-2014-0416
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416
6
https://rhn.redhat.com/errata/RHSA-2014-0026.html
7
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
8
https://usn.ubuntu.com/usn/usn-2089-1
9
https://usn.ubuntu.com/usn/usn-2124-1
11
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE
12
Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity
13
via vectors related to JAAS. NOTE: the previous information is from the
14
January 2014 CPU. Oracle has not commented on third-party claims that the
15
issue is related to how principals are set for the Subject class, which
16
allows attackers to escape the sandbox using deserialization of a crafted
20
mdeslaur> in lucid+, NetX and the plugin moved to the icedtea-web package
21
jdstrand> sun-java6 is not redistributable, no longer in the archive and
23
jdstrand> sun-java5 is EOL upstream and no longer tracked
30
upstream_openjdk-6: needs-triage
31
lucid_openjdk-6: released (6b30-1.13.1-1ubuntu2~0.10.04.1)
32
precise_openjdk-6: released (6b30-1.13.1-1ubuntu2~0.12.04.1)
33
quantal_openjdk-6: released (6b30-1.13.1-1ubuntu2~0.12.10.1)
34
raring_openjdk-6: deferred (2014-01-15)
35
saucy_openjdk-6: released (6b30-1.13.1-1ubuntu2~0.13.10.1)
36
devel_openjdk-6: not-affected (6b30-1.13.1-1ubuntu1)
39
upstream_openjdk-7: released (7u51-2.4.4-1)
41
precise_openjdk-7: released (7u51-2.4.4-0ubuntu0.12.04.2)
42
quantal_openjdk-7: released (7u51-2.4.4-0ubuntu0.12.10.2)
43
raring_openjdk-7: released (7u51-2.4.4-0ubuntu0.13.04.2)
44
saucy_openjdk-7: released (7u51-2.4.4-0ubuntu0.13.10.1)
45
devel_openjdk-7: not-affected (7u51-2.4.4-1ubuntu1)