[Bug 1224723] Re: Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless
Todd Taft
1224723 at bugs.launchpad.net
Mon Sep 30 20:44:41 UTC 2013
CVE-2013-2465 is a CVE against Java, although it is against Oracle Java.
It's not immediately clear to me whether or not this vulnerability is
also applicable to openJDK. Can you confirm that this vulnerability
does not apply to openJDK (or that it is already patched in this
version)?
Labeling the file as a "virus" is probably incorrect, but my concern was
that it represented an unpatched security vulnerability.
Most of the other files in http://bazaar.launchpad.net/~ubuntu-security
/ubuntu-cve-tracker/master/view/head:/README.virus have obvious reasons
that they would constitute false positives (e.g. they are samples of
exploits/viruses), but I don't see an obvious reason why this particular
file would be a false positive. If this really is a false positive,
then I would suggest that it's a bug in the clam database, since that
means that it is detecting a Java security problem where none exists.
** Changed in: openjdk-6 (Ubuntu)
Status: Invalid => New
** Also affects: clamav (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in Ubuntu.
https://bugs.launchpad.net/bugs/1224723
Title:
Clamscan finds CVE-2013-2465 in openjdk-6-jre-headless
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1224723/+subscriptions
More information about the Ubuntu-server-bugs
mailing list