Name: CVE-2008-5355 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5355 Reference: SUNALERT:244989 Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1 The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. (windows only)
Another mention of this issue: http://secunia.com/advisories/32991/ (Point 12) ).
This is Windows-specific, so no need to keep the bug open.