CVE-2011-0025
Published: 1 February 2011
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.
Priority
Status
Package | Release | Status |
---|---|---|
openjdk-6 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
openjdk-6 | hardy | Released (6b27-1.12.3-0ubuntu1~08.04.1) |
openjdk-6 | karmic | Released (6b20-1.9.5-0ubuntu1~9.10.1) |
openjdk-6 | lucid | Released (6b20-1.9.5-0ubuntu1~10.04.1) |
openjdk-6 | maverick | Released (6b20-1.9.5-0ubuntu1) |
openjdk-6 | natty | Not vulnerable (6b21~pre1-0ubuntu1) |
openjdk-6 | oneiric | Not vulnerable (6b21~pre1-0ubuntu1) |
openjdk-6 | upstream | Released (1.9.5) |
openjdk-6b18 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
openjdk-6b18 | hardy | Does not exist |
openjdk-6b18 | karmic | Released (6b18-1.8.5-0ubuntu1~9.10.1) |
openjdk-6b18 | lucid | Released (6b18-1.8.5-0ubuntu1~10.04.1) |
openjdk-6b18 | maverick | Released (6b18-1.8.4-0ubuntu1) |
openjdk-6b18 | natty | Not vulnerable (6b18-1.8.3-1ubuntu3) |
openjdk-6b18 | oneiric | Not vulnerable (6b18-1.8.3-1ubuntu3) |
openjdk-6b18 | upstream | Released (1.8.5) |
sun-java5 (Launchpad, Ubuntu, Debian) | dapper | Not vulnerable (IcedTea only) |
sun-java5 | hardy | Not vulnerable (IcedTea only) |
sun-java5 | karmic | Does not exist |
sun-java5 | lucid | Does not exist |
sun-java5 | maverick | Does not exist |
sun-java5 | natty | Does not exist |
sun-java5 | oneiric | Does not exist |
sun-java5 | upstream | Not vulnerable (IcedTea only) |
sun-java6 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
sun-java6 | hardy | Not vulnerable (IcedTea only) |
sun-java6 | karmic | Not vulnerable (IcedTea only) |
sun-java6 | lucid | Not vulnerable (IcedTea only) |
sun-java6 | maverick | Not vulnerable (IcedTea only) |
sun-java6 | natty | Not vulnerable (IcedTea only) |
sun-java6 | oneiric | Not vulnerable (IcedTea only) |
sun-java6 | upstream | Not vulnerable (IcedTea only) |