Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder2.hal-mli.net!feeder.erje.net!eu.feeder.erje.net!eternal-september.org!feeder.eternal-september.org!mx04.eternal-september.org!.POSTED!not-for-mail
From: Eric Sosman <esosman@comcast-dot-net.invalid>
Newsgroups: comp.lang.java.programmer
Subject: Re: JDK 1.7.0_11 is out.
Date: Tue, 15 Jan 2013 22:03:17 -0500
Organization: A noiseless patient Spider
Lines: 20
Message-ID: <kd558i$fbp$1@dont-email.me>
References: <n1r6f817h6mus92hrkpgr92lineb6lintr@4ax.com> <h2l9f8dcitjijhvu1hi596cos7julbci7q@4ax.com> <50f60a90$0$287$14726298@news.sunsite.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 16 Jan 2013 03:02:42 +0000 (UTC)
Injection-Info: mx04.eternal-september.org; posting-host="ffb8f7085759b339c1002252b48331a4"; logging-data="15737"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18yrCQmDIlVwOE1ZUfHiSRc"
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130107 Thunderbird/17.0.2
In-Reply-To: <50f60a90$0$287$14726298@news.sunsite.dk>
Cancel-Lock: sha1:A5nQAH2bNuzosNF7JfsaLp8sWlc=
Xref: csiph.com comp.lang.java.programmer:21422

On 1/15/2013 9:03 PM, Arne Vajhøj wrote:
>[...]
> <quote>
> This release contains fixes for security vulnerabilities. For more
> information, see Oracle Security Alert for CVE-2013-0422.

     CERT's advice is

	"Immunity has indicated that only the reflection
	vulnerability has been fixed and that the JMX MBean
	vulnerability remains. [...] Unless it is absolutely
	necessary to run Java in web browsers, disable it as
	described below, even after updating to 7u11. [...]"
	--from <http://www.kb.cert.org/vuls/id/625617>

Write once, pwn anywhere ...

-- 
Eric Sosman
esosman@comcast-dot-net.invalid