Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 08 Feb 2015 15:37:42 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: security@...cle.com,
        "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE-2013-4578 OpenJDK: jarsigner does not detect unsigned bytecode
 injected into signed jars

CVE-2013-4578 OpenJDK: jarsigner does not detect unsigned bytecode
injected into signed jars

https://bugzilla.redhat.com/show_bug.cgi?id=1031471

Fixed upstream in OpenJDK:

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d5f36e1c927e

Also reportedly fixed in Oracle Java in CPU Jan 2014

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

But I don't see the CVE. Oracle can you confirm if this was fixed, and
which CVE it was given? Thanks.

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ