LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A java vulnerability

A java vulnerability

Posted Dec 2, 2004 13:47 UTC (Thu) by hmh (subscriber, #3838)
Parent article: A java vulnerability

Well, blackdown.org does support automatic security updating for the Debian packages (as long as you take care to update and upgrade from their repository). Likely something for rpm can be arranged as well.

Still non-free as heck, but hey, we did know what the deal with Java was all along, didn't we?

(Log in to post comments)

Outdated debian packages on blackdown?

Posted Dec 2, 2004 19:25 UTC (Thu) by fredrik (subscriber, #232) [Link]

I'm probably missing something, because when I browse blackdown's ftp mirrors I cannot find any debian packages more recent than 2003. Not even the change log from the most recent tar-package seems to reference any security fix. Are the blackdown developers really maintaining their ftp? And if not, are the debian packages maintained elsewhere?

Sofar, I have always pulled the official sun release, and built a java-dummy package. That has been the most predictable method for me to install java.

A pity that sun maintains a such obnoxious non-oss-approved license on their official SDK/JRE. They only shoot themselves in the foot by making it harder for both end users and developers to install and update.

Oh well, guess I'm preaching to the choir here anyway...

Debian repository of blackdown.org j2se packages

Posted Dec 2, 2004 20:22 UTC (Thu) by hmh (subscriber, #3838) [Link]

deb http://ftp.gwdg.de/pub/languages/java/linux/debian sid non-free

OR

deb http://ftp.gwdg.de/pub/languages/java/linux/debian sarge non-free

Debian repository of blackdown.org j2se packages

Posted Dec 3, 2004 9:01 UTC (Fri) by fredrik (subscriber, #232) [Link]

Ah, sweet!

I found the release notice and a reference to an official deb-archive[0] on blackdown. The notice also mentioned that their latest version, 1.4.2.01-1, fixes the vulnerability in CVE CAN-2004-1029.

Apparantly blackdown's version 1.4.2.01 is based on sun's 1.4.2_07pre code, and I must say, that version discrepancy is a bit unclear for a casual observer.

Anyway, off I go to add a new source for apt. Wee.

[0] http://blackdown.org/java-linux/java2-status/jdk1.4-statu...

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds