Status of java in hardy

Stefan Lesicnik stefan at lsd.co.za
Tue May 12 11:37:30 BST 2009


On Tue, May 12, 2009 at 11:42 AM, Andreas Heinlein <aheinlein at gmx.com> wrote:
> Hello,
>
> I am wondering what the security status of openjdk, sun-java6 and
> sun-java5 in hardy is. After the latest security holes were discovered
> in the Sun JRE 6u12 and Sun JRE6u13 was released, fixes were released as
> well for openjdk packages for intrepid and jaunty, because openjdk is in
> main for these distributions.
>
> I contacted Kees Cook for updated hardy packages, and he told me that
> since openjdk is in universe for hardy, he cannot do anything except
> wait for updated packages. Several weeks have passed since then, updated
> debian lenny packages for openjdk6b11 have been released in the
> meantime, but still no hardy update.
>
> He pointed me to a CVE tracker of ubuntu packages
> (http://people.ubuntu.com/~ubuntu-security/cve/universe-all.html#universe)
> which shows e.g. CVE-2009-1096 is still open for hardy.
>
> If I'm correct, this means that there is currently no security-hole free
> java runtime for hardy, at least none with a usable web browser plugin
> (I do not consider gcjwebplugin usable...). This is bad, especially
> since hardy is a LTS release.
>
> Can someone here tell me how to "Push" things a little in order to get
> this fixed?


Hi Andreas,

Packages located in universe are generally maintained by motu-swat and
contributors. We would love to have your assistance within the
motu-swat team.

The following resources will assist you in getting started. Also feel
free to drop by #ubuntu-hardened or hunt me down on irc :)

https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
https://wiki.ubuntu.com/SecurityTeam
https://wiki.ubuntu.com/StableReleaseUpdates
https://wiki.ubuntu.com/MOTU/GettingStarted

Regards,

Stefan

stefanlsd (freenode)



More information about the Ubuntu-motu mailing list