Your message dated Fri, 29 Feb 2008 06:39:54 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Close
has caused the Debian Bug report #468487,
regarding allows unauthorized remote arbitrary code execution (CVE-2007-5689)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
468487: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468487
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: sun-java6
Version: 6-00-2
Severity: critical
Tags: security, upstream
The sun-java6 version in testing is vulnerable to CVE-2007-5689:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5689
From http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5689:
Overview
The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK
and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE
5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers
to execute arbitrary programs, or read or modify arbitrary files, via applets
that grant privileges to themselves.
Impact
CVSS Severity (version 2.0):
CVSS v2 Base score: 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 10.0
This is fixed in the unstable version, which is waiting for a missing ia64 build
or to be forced to migrate.
--- End Message ---
--- Begin Message ---
Version: 6-03-1
--- End Message ---