Status of java in hardy

Stefan Lesicnik stefan at
Tue May 12 11:37:30 BST 2009

On Tue, May 12, 2009 at 11:42 AM, Andreas Heinlein <aheinlein at> wrote:
> Hello,
> I am wondering what the security status of openjdk, sun-java6 and
> sun-java5 in hardy is. After the latest security holes were discovered
> in the Sun JRE 6u12 and Sun JRE6u13 was released, fixes were released as
> well for openjdk packages for intrepid and jaunty, because openjdk is in
> main for these distributions.
> I contacted Kees Cook for updated hardy packages, and he told me that
> since openjdk is in universe for hardy, he cannot do anything except
> wait for updated packages. Several weeks have passed since then, updated
> debian lenny packages for openjdk6b11 have been released in the
> meantime, but still no hardy update.
> He pointed me to a CVE tracker of ubuntu packages
> (
> which shows e.g. CVE-2009-1096 is still open for hardy.
> If I'm correct, this means that there is currently no security-hole free
> java runtime for hardy, at least none with a usable web browser plugin
> (I do not consider gcjwebplugin usable...). This is bad, especially
> since hardy is a LTS release.
> Can someone here tell me how to "Push" things a little in order to get
> this fixed?

Hi Andreas,

Packages located in universe are generally maintained by motu-swat and
contributors. We would love to have your assistance within the
motu-swat team.

The following resources will assist you in getting started. Also feel
free to drop by #ubuntu-hardened or hunt me down on irc :)



stefanlsd (freenode)

More information about the Ubuntu-motu mailing list