Discussion in 'other security issues & news' started by MrBrian, Dec 13, 2011.
Please don't tell me this affects Java 7u2?
The advisory lists only 1.6.x but it's not clear to me that it's been fixed in 1.7.x either.
So, the thing just gets updated and now they come with this?
The vulnerability is reported in versions 184.108.40.206 and prior.
"Solution Status: Unpatched"
Then, it's a bit contradictory, isn't it? Why would they mention only 220.127.116.11 and prior? There's no prior, then. I mean, there is, but we need to include, possibly, version 18.104.22.168. But, I wonder if it has been patched in version 22.214.171.124? I'll see if I can spot anything in the change log.
But, according to the original article (-http://blog.infobytesec.com/2011/12/pwning-java-update-process-2007-today.html):
The article was written a week ago. By then, the latest version was 126.96.36.199 for quite some time, not 188.8.131.52.
I'm not saying there isn't a bug; I'm just saying these folks need to make things a bit more clear.
This is the page from Oracle regarding to what was patched in version 184.108.40.206. -http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
I didn't see any mentions...
Separate names with a comma.