From owner-java@jp.FreeBSD.org Mon Nov 29 20:03:30 2004
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id iATB3Ut37532;
	Mon, 29 Nov 2004 20:03:30 +0900 (JST)
	(envelope-from owner-java@jp.FreeBSD.org)
Received: from mx1.aist.go.jp (mx1.aist.go.jp [150.29.246.133])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id iATB3T837527
	for <java@jp.FreeBSD.org>; Mon, 29 Nov 2004 20:03:30 +0900 (JST)
	(envelope-from shudo@computer.org)
Received: from rpsmtp1.aist.go.jp (rpsmtp1.aist.go.jp [150.29.254.30] (may be forged))
	by mx1.aist.go.jp  with ESMTP id iATB3PiZ025988;
	Mon, 29 Nov 2004 20:03:25 +0900 (JST)
	env-from (shudo@computer.org)
Received: from smtp4.aist.go.jp
	by rpsmtp1.aist.go.jp  with ESMTP id iATB3PUh011806;
	Mon, 29 Nov 2004 20:03:25 +0900 (JST)
	env-from (shudo@computer.org)
Received: 
	by smtp4.aist.go.jp  with ESMTP id iATB3J8i016689;
	Mon, 29 Nov 2004 20:03:24 +0900 (JST)
	env-from (shudo@computer.org)
Message-Id: <20041129.200505.1059968642.shudo@aist.go.jp>
To: java@jp.FreeBSD.org
Cc: shudo@computer.org
From: shudo@computer.org
In-Reply-To: <20041129.181208.246569345.kgotoh@cic-kk.co.jp>
References: <20041129.181208.246569345.kgotoh@cic-kk.co.jp>
X-Mailer: Mew version 4.1 on XEmacs 21.4.15 (Security Through Obscurity)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: java@jp.FreeBSD.org
Precedence: list
Date: Mon, 29 Nov 2004 20:05:05 +0900
X-Sequence: java 481
Subject: [java 481] Re: JRE/JDK =?ISO-2022-JP?B?GyRCJE5ASDxlQC0bKEI=?=
 =?ISO-2022-JP?B?GyRCQlA6dhsoQg==?= 
Sender: owner-java@jp.FreeBSD.org
X-Originator: shudo@computer.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+041128

$B8eF#(B($BOB@/(B)$B$5$s!"3'MM!"<sF#$G$9!#(B

>   Checking for packages with security vulnerabilities:

>   Type of problem: Security Vulnerability With Java Plugin.

> $B$H!"@h=5$+$i8@$o$l$k$h$&$K$J$j$^$7$?$,!"$3$l$C$F(B FreeBSD $B$G$OBP1~$G$-$k(B
> $B$b$N$J$N$G$7$g$&$+!)(B
>
> $B$h$/$o$+$C$F$$$J$$$N$G$9$,!"(BFreeBSD $B$K0\?"$7$F$$$k(B JDK $B$N%=!<%9$C$F(B
> JDK 1.4.2 $B$N=i4|%P!<%8%g%s$J$s$G$9$h$M!)(B 1.4.2_01 $B$K$J$k$s$G$7$?$C$1!)(B

FreeBSD $BMQ$N(B J2SDK 1.4.2 $B$O!"(B(1.4.2_01 $B$h$j$bA0$N(B) 1.4.2 $B$K(B
FreeBSD $BBP1~%Q%C%A(B (bsd-jdk14-patches-6.tar.gz) $B$rEv$F$?$b$N$K$J$j$^$9!#(B

SCSL $B$GG[IU$5$l$F$$$k(B J2SDK $B$N%=!<%9$C$F!"(B
1.3.1, 1.4.1, 1.4.2 $B$H%-%j$N$$$$HG$@$1$J$s$G$9$h$M!'(B

  J2SE $B%=!<%9%3!<%IG[IU%Z!<%8(B
  http://wwws.sun.com/software/communitysource/j2se/java2/download.html

$B$=$N8e$N(B _01, _02, ... $B$H$$$&=$@0$O!"8x3+$O$5$l$F$J$$$G$9!#(B
$B%i%$%;%s%7(B ($B4k6H(B) $B$OF~<j2DG=$@$C$?$H;W$$$^$9!#(B

$B$b$&!"(BJava for FreeBSD $B$K$D$$$F$O$$$m$$$m$H(B
$B$&$m3P$($K$J$C$F$7$^$C$F$k$s$G$9$,!D(B
FreeBSD $BBP1~%Q%C%A$C$F!"(B_01, _02 $B$NFbMF$O4^$s$G$J$$$G$9$h$M!)(B
$B$=$&$$$($P!"(BTCK ($B%F%9%H=8(B) $B$r%Q%9$7$F(B 2003/8/25 $B$K%j%j!<%9$5$l$?(B
$B%P%$%J%j$b!"(B1.3.1 $B=i4|HG(B + FreeBSD $BBP1~%Q%C%A$G$7$?$h$M!)(B


$B$3$N!"=i4|HG0J9_$N=$@5$,F~<jITG=!"$H$$$&LdBj$O!"(B
$B:#8e$O2~A1$5$l$=$&$JC{$b$"$j$^$9!'(B

  Sun$B!"(BJava 2 Standard Edition 6.0$B%9%J%C%W%7%g%C%H$r%*!<%W%s%=!<%92=(B
  http://www.itmedia.co.jp/news/articles/0411/17/news020.html

$BK\Ev$O!V%*!<%W%s%=!<%92=!W$G$O$"$j$^$;$s$,!"(B
$B$3$l$^$G%-%j$N$$$$HG$7$+8x3+$5$l$F$3$J$+$C$?(B JDK $B$N%=!<%9$,(B
$B$3$&$7$F$A$g$/$A$g$/(B (?) $B=P$FMh$k$h$&$K$J$C$?$N$O!"4?7^$G$9!#(B


> Sun $B$,=$@5$7$?%=!<%9$,F~<j$G$-$J$$$HD>$;$J$$$h$&$J5$$,$9$k$N$G$9$,!"(B
> $B<B:]$O$I$&$J$N$G$7$g$&$+!#(B

$B$I$&$$$&@H<e@-$J$N$+$O$7$C$+$j$H8x3+$5$l$F$$$k$N$G!'(B

  Sun Java Plugin arbitrary package access vulnerability
  http://jouko.iki.fi/adv/javaplugin.html

$B$3$N$/$i$$$NLdBj$J$i!"(BSun $B$KMj$i$:$H$b(B
$BC/$+$7$i$,=$@5$G$-$k$N$G$O$J$$$G$7$g$&$+!#(B
contribute $B$9$k%A%c%s%9!*(B


Kazuyuki Shudo/$B<sF#0l9,(B   $B;d$r$?$P$M$J$$$G(B $B$"$i$;$$$H$&$N2V$N$h$&$K(B
  shudo@computer.org   http://www.shudo.net/
