I'm investigating, but the issue is a sandbox security manager bypass using unauthorised reflection and that's exploited using Rhino Javascript. So the context has to be a browser for there to be an issue even if OpenJDK is affected. See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0422 for lots of data...
S. On Tue, Jan 15, 2013 at 6:58 PM, Dennis E. Hamilton <[email protected] > wrote: > Again, thanks to Simon Phipps for retweeting the information. > > It appears that one should *not* assume that OpenJDK does not share > vulnerabilities with the Oracle Java SE and JDK: > > The log of changes to OpenJDK for the recent vulnerability (just as > indication of the Oracle updating of OpenJDK): > <http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html > > > > The CVE: > < > http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html > > > > There is still reporting that this update is not a complete fix. I have > not found a reliable technical source that makes clear what the remaining > concern is, or if it is simply a lag in reports that have not recognized > the latest patches. > > - Dennis > > -----Original Message----- > From: Dennis E. Hamilton [mailto:[email protected]] > Sent: Sunday, January 13, 2013 13:27 > To: 'lj'; 'Libreoffice Discussion List' > Subject: RE: [tdf-discuss] LibreOffice and Java Security: > > This just out: > > <https://blogs.oracle.com/security/entry/security_alert_for_cve_2013> > > (Thanks to Simon Phipps for the link.) > > Note that the vulnerabilities "only affect Oracle Java 7 versions." > > - Dennis > > -----Original Message----- > From: lj [mailto:[email protected]] > Sent: Saturday, January 12, 2013 19:23 > To: Libreoffice Discussion List > Subject: [tdf-discuss] LibreOffice and Java Security: > > Hi all, > I am not sure if this is the correct list for this message. > I recently read this article about a Java 1.7 Security Problem. > Does this problem concern LibreOffice and Java??? > This macrumors article post and reads that this problem effects java > versions 4-7. At the moment oracle are at java 7. > > > http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/ > > > The Forbes article reveals that Mozilla, and Apple are advising users to > disable Java on there machines because of this security problem. > > http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/ > > > > http://thenextweb.com/apple/2013/01/11/apple-takes-no-prisoners-immediately-blocks-java-7-on-os-x-10-6-and-up-to-protect-mac-users/ > > > Can I use LibreOffice without Java enabled on my computer?? As I receive > annoying pop up windows when I first use libreoffice to install Java on > Apple OS X Mountain Lion. > > -- > Unsubscribe instructions: E-mail to [email protected] > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.documentfoundation.org/www/discuss/ > All messages sent to this list will be publicly archived and cannot be > deleted > > > -- > Unsubscribe instructions: E-mail to [email protected] > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.documentfoundation.org/www/discuss/ > All messages sent to this list will be publicly archived and cannot be > deleted > > > -- > Unsubscribe instructions: E-mail to [email protected] > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.documentfoundation.org/www/discuss/ > All messages sent to this list will be publicly archived and cannot be > deleted > -- *Simon Phipps* http://webmink.com *Meshed Insights & Knowledge * *Office:* +1 (415) 683-7660 *or* +44 (238) 098 7027 *Mobile*: +44 774 776 2816* * -- Unsubscribe instructions: E-mail to [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
