Discussion in 'other security issues & news' started by MrBrian, Dec 13, 2011.
Please don't tell me this affects Java 7u2?
The advisory lists only 1.6.x but it's not clear to me that it's been fixed in 1.7.x either.
So, the thing just gets updated and now they come with this?
The vulnerability is reported in versions 126.96.36.199 and prior.
"Solution Status: Unpatched"
Then, it's a bit contradictory, isn't it? Why would they mention only 188.8.131.52 and prior? There's no prior, then. I mean, there is, but we need to include, possibly, version 184.108.40.206. But, I wonder if it has been patched in version 220.127.116.11? I'll see if I can spot anything in the change log.
But, according to the original article (-http://blog.infobytesec.com/2011/12/pwning-java-update-process-2007-today.html):
The article was written a week ago. By then, the latest version was 18.104.22.168 for quite some time, not 22.214.171.124.
I'm not saying there isn't a bug; I'm just saying these folks need to make things a bit more clear.
This is the page from Oracle regarding to what was patched in version 126.96.36.199. -http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
I didn't see any mentions...
Separate names with a comma.