Candidate: CVE-2008-5357
PublicDate: 2008-12-05 11:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357
Description:
 Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6
 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE
 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow
 remote attackers to execute arbitrary code via a crafted TrueType font
 file, which triggers a heap-based buffer overflow.
Ubuntu-Description:
Notes:
 kees> http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1
 kees> 6733336
 kees> vulnerable source not included in the open source JDK
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_sun-java6:
upstream_sun-java6: needs-triage
dapper_sun-java6: DNE
gutsy_sun-java6: needed (reached end-of-life)
hardy_sun-java6: released (6-17-0ubuntu1.8.04)
intrepid_sun-java6: released (6-14-0ubuntu1.8.10)
jaunty_sun-java6: released (6-16-0ubuntu1.9.04)
karmic_sun-java6: released (6-15-1)
devel_sun-java6: released (6.19-0ubuntu1)

Patches_sun-java5:
upstream_sun-java5: needs-triage
dapper_sun-java5: ignored (reached end-of-life)
gutsy_sun-java5: needed (reached end-of-life)
hardy_sun-java5: released (1.5.0-22-0ubuntu0.8.04)
intrepid_sun-java5: released (1.5.0-19-0ubuntu0.8.10)
jaunty_sun-java5: released (1.5.0-19-0ubuntu0.9.04)
karmic_sun-java5: DNE
devel_sun-java5: DNE

Patches_openjdk-6:
upstream_openjdk-6: needs-triage
dapper_openjdk-6: DNE
gutsy_openjdk-6: DNE
hardy_openjdk-6: not-affected (code not present)
intrepid_openjdk-6: not-affected (code not present)
jaunty_openjdk-6: not-affected (6b14-0ubuntu4)
karmic_openjdk-6: not-affected (6b14-0ubuntu4)
devel_openjdk-6: not-affected (6b14-0ubuntu4)