Bug#463501: marked as done (allows unauthorized remote arbitrary code execution (CVE-2007-5689))

Debian Bug Tracking System Sat, 16 Feb 2008 05:09:49 -0800

Your message dated Sat, 16 Feb 2008 12:17:29 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#463501: fixed in sun-java5 1.5.0-14-1etch1
has caused the Debian Bug report #463501,
regarding allows unauthorized remote arbitrary code execution (CVE-2007-5689)
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
463501: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463501
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---

Package: sun-java5
Version: 1.5.0-10-3
Severity: critical
Tags: security, fixed-upstream

1.5.0-10 is vulnerable to CVE-2007-5689 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5689

From http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5689 :

Overview

 The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK 
and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 
5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers 
to execute arbitrary programs, or read or modify arbitrary files, via applets 
that grant privileges to themselves. 
 
Impact

 CVSS Severity (version 2.0):
 CVSS v2 Base score: 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend) 
 Impact Subscore: 10.0
 Exploitability Subscore: 10.0

--- End Message ---

--- Begin Message ---

Source: sun-java5
Source-Version: 1.5.0-14-1etch1

We believe that the bug you reported is fixed in the latest version of
sun-java5, which is due to be installed in the Debian FTP archive:

ia32-sun-java5-bin_1.5.0-14-1etch1_amd64.deb
  to pool/non-free/s/sun-java5/ia32-sun-java5-bin_1.5.0-14-1etch1_amd64.deb
ia32-sun-java5-bin_1.5.0-14-1etch1_ia64.deb
  to pool/non-free/s/sun-java5/ia32-sun-java5-bin_1.5.0-14-1etch1_ia64.deb
sun-java5-bin_1.5.0-14-1etch1_amd64.deb
  to pool/non-free/s/sun-java5/sun-java5-bin_1.5.0-14-1etch1_amd64.deb
sun-java5-bin_1.5.0-14-1etch1_i386.deb
  to pool/non-free/s/sun-java5/sun-java5-bin_1.5.0-14-1etch1_i386.deb
sun-java5-demo_1.5.0-14-1etch1_amd64.deb
  to pool/non-free/s/sun-java5/sun-java5-demo_1.5.0-14-1etch1_amd64.deb
sun-java5-demo_1.5.0-14-1etch1_i386.deb
  to pool/non-free/s/sun-java5/sun-java5-demo_1.5.0-14-1etch1_i386.deb
sun-java5-doc_1.5.0-14-1etch1_all.deb
  to pool/non-free/s/sun-java5/sun-java5-doc_1.5.0-14-1etch1_all.deb
sun-java5-fonts_1.5.0-14-1etch1_all.deb
  to pool/non-free/s/sun-java5/sun-java5-fonts_1.5.0-14-1etch1_all.deb
sun-java5-jdk_1.5.0-14-1etch1_amd64.deb
  to pool/non-free/s/sun-java5/sun-java5-jdk_1.5.0-14-1etch1_amd64.deb
sun-java5-jdk_1.5.0-14-1etch1_i386.deb
  to pool/non-free/s/sun-java5/sun-java5-jdk_1.5.0-14-1etch1_i386.deb
sun-java5-jre_1.5.0-14-1etch1_all.deb
  to pool/non-free/s/sun-java5/sun-java5-jre_1.5.0-14-1etch1_all.deb
sun-java5-plugin_1.5.0-14-1etch1_i386.deb
  to pool/non-free/s/sun-java5/sun-java5-plugin_1.5.0-14-1etch1_i386.deb
sun-java5-source_1.5.0-14-1etch1_all.deb
  to pool/non-free/s/sun-java5/sun-java5-source_1.5.0-14-1etch1_all.deb
sun-java5_1.5.0-14-1etch1.diff.gz
  to pool/non-free/s/sun-java5/sun-java5_1.5.0-14-1etch1.diff.gz
sun-java5_1.5.0-14-1etch1.dsc
  to pool/non-free/s/sun-java5/sun-java5_1.5.0-14-1etch1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <[EMAIL PROTECTED]> (supplier of updated sun-java5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 01 Feb 2008 07:41:34 +0100
Source: sun-java5
Binary: sun-java5-demo sun-java5-fonts sun-java5-bin sun-java5-source 
sun-java5-jdk sun-java5-doc sun-java5-jre ia32-sun-java5-plugin 
ia32-sun-java5-bin sun-java5-plugin
Architecture: all amd64 i386 ia64 source 
Version: 1.5.0-14-1etch1
Distribution: stable
Urgency: low
Maintainer: Matthias Klose <[EMAIL PROTECTED]>
Changed-By: Matthias Klose <[EMAIL PROTECTED]>
Description: 
 ia32-sun-java5-bin - Sun Java(TM) Runtime Environment (JRE) 5.0 (32-bit)
 sun-java5-bin - Sun Java(TM) Runtime Environment (JRE) 5.0 (architecture 
dependen
 sun-java5-demo - Sun Java(TM) Development Kit (JDK) 5.0 demos and examples
 sun-java5-jdk - Sun Java(TM) Development Kit (JDK) 5.0
Closes: 463501
Changes: 
 sun-java5 (1.5.0-14-1etch1) stable; urgency=low
 .
   * Upload to etch-updates.
   * New upstream bug fix release. For a list of changes see
     http://java.sun.com/j2se/1.5.0/ReleaseNotes.html.
   * Fixes among other:
     - Do not allow unauthorized remote arbitrary code execution
       (CVE-2007-5689). Closes: #463501.
Files: 
 07dd9f855fe3c993173e880fcdb2a59e 7464766 non-free/libs optional 
sun-java5-jre_1.5.0-14-1etch1_all.deb
 09a75c1de2b984ad511b78697299fbbf 9872842 non-free/devel optional 
sun-java5-demo_1.5.0-14-1etch1_i386.deb
 1263fa709e6bbf1a2f6b7b3c25bf61cd 40464 non-free/doc optional 
sun-java5-doc_1.5.0-14-1etch1_all.deb
 2b0de48ae1bfef67070108ddb44d451a 5050902 non-free/devel optional 
sun-java5-jdk_1.5.0-14-1etch1_i386.deb
 2e8fc2fca1f06565b0662e5285da5e0c 16463690 non-free/devel optional 
sun-java5-source_1.5.0-14-1etch1_all.deb
 e50091a94e84053236a414f417e43bf1 1229 non-free/devel optional 
sun-java5_1.5.0-14-1etch1.dsc
 619ac422767b57f79114c837ae604943 22411632 non-free/libs optional 
ia32-sun-java5-bin_1.5.0-14-1etch1_ia64.deb
 61e2166ecd5fd2695e9dc9fb8a06fe2c 1822 non-free/x11 optional 
sun-java5-fonts_1.5.0-14-1etch1_all.deb
 7027050db3229bd5f5e17b869bc37198 1684 non-free/web optional 
sun-java5-plugin_1.5.0-14-1etch1_i386.deb
 8625d27749f456050caf4c31e36db793 22409738 non-free/libs optional 
ia32-sun-java5-bin_1.5.0-14-1etch1_amd64.deb
 8858b6abe78a2a397da70e42f7a8e2d4 22409058 non-free/libs optional 
sun-java5-bin_1.5.0-14-1etch1_i386.deb
 8d274675718c37886f1bdddc265a5742 5237838 non-free/devel optional 
sun-java5-demo_1.5.0-14-1etch1_amd64.deb
 a3005d10f2e73e45c6ea5e350dfd624a 20061644 non-free/libs optional 
sun-java5-bin_1.5.0-14-1etch1_amd64.deb
 a6516c76d9ff0530b0dca4e2beef6d6b 80743 non-free/devel optional 
sun-java5_1.5.0-14-1etch1.diff.gz
 d8c4e840539ba31acd1ef0d891f6ee07 92342441 non-free/devel optional 
sun-java5_1.5.0-14.orig.tar.gz
 dc20785327404a26149c2c7c91075871 4884664 non-free/devel optional 
sun-java5-jdk_1.5.0-14-1etch1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHoyD8StlRaw+TLJwRAnvoAJ4/CgiJ9lSPRwzcGhsbozw1EdqNLgCgw61G
0tBRTWYc6N+EHqNI9uQ8iCY=
=Tlkc
-----END PGP SIGNATURE-----

--- End Message ---

Bug#463501: marked as done (allows unauthorized remote arbitrary code execution (CVE-2007-5689))

Reply via email to