CVE-2009-3880

Priority
Low
Description
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun
Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not
properly restrict the objects that may be sent to loggers, which allows
attackers to obtain sensitive information via vectors related to the
implementation of Component, KeyboardFocusManager, and
DefaultKeyboardFocusManager, aka Bug Id 6664512.
References
Package
Upstream:released (6b17)
Ubuntu 8.04 LTS (Hardy Heron):released (6b18-1.8.2-4ubuntu1~8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (6b17~pre2-0ubuntu3)
Ubuntu 11.04 (Natty Narwhal):not-affected (6b17~pre2-0ubuntu3)
Package
Upstream:released (1.5.0-22)
Ubuntu 8.04 LTS (Hardy Heron):not-affected (1.5.0-22-0ubuntu0.8.04)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:released (6.17)
Ubuntu 8.04 LTS (Hardy Heron):released (6.20dlj-0ubuntu1.8.04)
Ubuntu 10.04 LTS (Lucid Lynx):released (6.20dlj-1ubuntu3)
Ubuntu 11.04 (Natty Narwhal):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:20 UTC (commit 5347)