diff options
Diffstat (limited to 'zarb-ml/mageia-discuss/20120401/006847.html')
| -rw-r--r-- | zarb-ml/mageia-discuss/20120401/006847.html | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/20120401/006847.html b/zarb-ml/mageia-discuss/20120401/006847.html new file mode 100644 index 000000000..fa76860c6 --- /dev/null +++ b/zarb-ml/mageia-discuss/20120401/006847.html @@ -0,0 +1,109 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-discuss] Current java plugin with security hole? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Current%20java%20plugin%20with%20security%20hole%3F&In-Reply-To=%3Cjl899q%246p9%241%40dough.gmane.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + + <LINK REL="Next" HREF="006848.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-discuss] Current java plugin with security hole?</H1> + <B>TJ</B> + <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Current%20java%20plugin%20with%20security%20hole%3F&In-Reply-To=%3Cjl899q%246p9%241%40dough.gmane.org%3E" + TITLE="[Mageia-discuss] Current java plugin with security hole?">andrewsfarm at gmail.com + </A><BR> + <I>Sun Apr 1 02:59:38 CEST 2012</I> + <P><UL> + + <LI>Next message: <A HREF="006848.html">[Mageia-discuss] what happened to mageia servers +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#6847">[ date ]</a> + <a href="thread.html#6847">[ thread ]</a> + <a href="subject.html#6847">[ subject ]</a> + <a href="author.html#6847">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On 03/29/2012 03:51 AM, Wolfgang Bornath wrote: +><i> 2012/3/29 Luc Menut<<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">lmenut at free.fr</A>>: +</I>>><i> Le 29/03/2012 09:30, Oliver Burger a écrit : +</I>>><i> +</I>>>><i> Am 29.03.2012 09:22, schrieb Wolfgang Bornath: +</I>>>>><i> +</I>>>>><i> The page gives a link to a test routine at java.com where you can test +</I>>>>><i> which version is installed on your machine. For my Mageia 1 +</I>>>>><i> installation with firefox the test shows "Your Java version: Version +</I>>>>><i> 6 Update 26" - which matches the installed package +</I>>>>><i> (java-1.6.0-sun-plugin-1.6.0.26-0.2.mga1.nonfree). +</I>>>>><i> +</I>>>>><i> Recommended is "version 6 update 31". But this is not available yet at +</I>>>>><i> Mageia. +</I>>>>><i> +</I>>>>><i> - will there be a security related update for Mageia 1? +</I>>>>><i> - if not, should we use the recommended newer version from java.com +</I>>>>><i> (rpm packages available for 32 and 64 bit) +</I>>>><i> +</I>>>><i> Afaik oracle has withdrawn the redistribution license for all newer java +</I>>>><i> versions. +</I>>>><i> But I'm not sure if only java>= 1.7 is concerned or java> 1.6.0.26. +</I>>><i> +</I>>><i> +</I>>><i> java-1.6.0-sun> 1.6.0.26 is concerned too. +</I>>><i> <A HREF="http://jdk-distros.java.net/">http://jdk-distros.java.net/</A> +</I>>><i> <A HREF="http://robilad.livejournal.com/90792.html">http://robilad.livejournal.com/90792.html</A> +</I>>><i> <A HREF="https://bugs.mageia.org/show_bug.cgi?id=3101">https://bugs.mageia.org/show_bug.cgi?id=3101</A> +</I>><i> +</I>><i> Ah, missed the bug report on this - but this only shows that the +</I>><i> average "non-mailing-list-reader" may not know about the issue at all. +</I>><i> +</I>><i> Step 1: action ASAP as suggested in the bug report comment #13 +</I>><i> ("update" the version in mga1 repos with a README.urpmi) +</I>><i> Step 2: after this is done give out a related warning (mailing list, forum). +</I>><i> +</I>><i> As Dave Hodgins wrote in Bugzilla: "It may be bad for beginner users, +</I>><i> but it's worse to leave them +</I>><i> with insecure software that is being actively exploited." +</I>><i> +</I>FWIW, I had one site I use frequently (a weather radar loop) that used +to complain (I'm thinking this was about three years ago) if I didn't +use Oracle(Sun) Java, so I had Oracle's JRE 1.7.2 installed. It worked +fine, but because of the license problem and the bigger bother to +install it I tried the iced tea-web package again. It too now works just +fine with that fussy page. + +In fact, I like it better. JRE would wait until the entire loop was +downloaded before displaying anything, but the iced tea plugin displays +frames as they are downloaded. That's important for my impatient +brother, as if there's too much delay before something displays, he +starts thinking something's gone wrong. + +TJ + +</PRE> + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + + <LI>Next message: <A HREF="006848.html">[Mageia-discuss] what happened to mageia servers +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#6847">[ date ]</a> + <a href="thread.html#6847">[ thread ]</a> + <a href="subject.html#6847">[ subject ]</a> + <a href="author.html#6847">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss +mailing list</a><br> +</body></html> |