Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does
not prevent the existence of children of a resurrected ClassLoader, which
allows remote attackers to gain privileges via unspecified vectors, related
to an "information leak vulnerability," aka Bug Id 6636650.
Updated: 2016-03-23 03:35:04 UTC (commit 10817)