Debian Bug report logs - #462622
[sun-java5] Remove from etch/non-free due to security problems


Package: sun-java5; Maintainer for sun-java5 is (unknown);

Reported by: bgrpt@toplitzer.net

Date: Sat, 26 Jan 2008 09:09:01 UTC

Severity: grave

Tags: security

Found in version sun-java5/1.5.0-10-3

Done: Matthias Klose <doko@cs.tu-berlin.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@ubuntu.com>:
Bug#462622; Package sun-java5.

Acknowledgement sent to bgrpt@toplitzer.net:
New Bug report received and forwarded. Copy sent to Matthias Klose <doko@ubuntu.com>.

Message #5 received at submit@bugs.debian.org:

From: bgrpt@toplitzer.net
To: submit@bugs.debian.org
Subject: [sun-java5] Remove from etch/non-free due to security problems
Date: Sat, 26 Jan 2008 10:04:26 +0100
Source: sun-java5
Version: 1.5.0-10-3

Java with its browser plugin runtime is a widely used
software package which has no support by the security team
and not enough support from the package maintainers /
release team.

There are serious remote vulns. unfixed in etch which are
rated by the NIST (CVE-2007-5689):

CVSS Severity (version 2.0):
CVSS v2 Base score: 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 10.0
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Provides administrator access, Allows complete confidentiality,
integrity, and availability violation, Allows unauthorized disclosure of
information, Allows disruption of service


Widely used but buggy and unsupported packages should not be included.


Ref:
http://security-tracker.debian.net/tracker/CVE-2007-5689
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=423062
http://security-tracker.debian.net/tracker/source-package/sun-java5




Severity set to `grave' from `normal'. Request was from bgrpt@toplitzer.net to control@bugs.debian.org. (Sat, 26 Jan 2008 09:24:06 GMT)

Tags added: security. Request was from bgrpt@toplitzer.net to control@bugs.debian.org. (Sat, 26 Jan 2008 09:24:06 GMT)

Bug closed, send any further explanations to bgrpt@toplitzer.net. Request was from Matthias Klose <doko@cs.tu-berlin.de> to control@bugs.debian.org. (Wed, 06 Feb 2008 00:09:04 GMT)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 05 Mar 2008 07:28:02 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 16:24:25 2014; Machine Name: beach.debian.org
