852933 – Vulnerability in openJDK 1.7 and no openJDK 1.6 in Fedora 17 to fall back to.

Bug 852933 - Vulnerability in openJDK 1.7 and no openJDK 1.6 in Fedora 17 to fall back to.

Summary: Vulnerability in openJDK 1.7 and no openJDK 1.6 in Fedora 17 to fall back to.

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	java-1.6.0-openjdk
Sub Component:
Version:	17
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Assignee:	Deepak Bhole
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-08-30 03:30 UTC by M. Edward (Ed) Borasky
Modified:	2012-08-30 09:08 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-08-30 05:34:28 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description M. Edward (Ed) Borasky 2012-08-30 03:30:01 UTC

Description of problem:

A zero-day vulnerability has been discovered in openJDK 1.7. 1.6 is not affected. See http://www.kb.cert.org/vuls/id/636312 for details. I'd like to drop back to openJDK 1.6 on my Fedora systems, but I can't, because the RPM isn't in the repositories.

Comment 1 David Jorm 2012-08-30 05:34:28 UTC

Fedora 17 does not include openjdk 1.6, only openjdk 1.7. bug 852958 has been filed against Fedora 17 to track the resolution of this flaw in openjdk 1.7.

Comment 2 Tomas Hoger 2012-08-30 09:08:12 UTC

security bugzilla group is only for non-public security issues.

Note You need to log in before you can comment on or make changes to this bug.