PublicDateAtUSN: 2013-02-01
Candidate: CVE-2013-0434
PublicDate: 2013-02-02 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434
 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021708.html
 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021728.html
 https://ubuntu.com/security/notices/USN-1724-1
Description:
 Unspecified vulnerability in the Java Runtime Environment (JRE) component
 in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through
 Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote
 attackers to affect confidentiality via vectors related to JAXP.  NOTE: the
 previous information is from the February 2013 CPU. Oracle has not
 commented on claims from another vendor that this issue is related to the
 public declaration of the loadPropertyFile method in the JAXP
 FuncSystemProperty class, which allows remote attackers to obtain sensitive
 information.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: doko
CVSS: 

Patches_sun-java6:
upstream_sun-java6: needs-triage
hardy_sun-java6: ignored (upstream version is not redistributable)
lucid_sun-java6: DNE (removed from archive)
oneiric_sun-java6: DNE
precise_sun-java6: DNE
quantal_sun-java6: DNE
devel_sun-java6: DNE

Patches_sun-java5:
upstream_sun-java5: ignored (end of life)
hardy_sun-java5: ignored (upstream sun-java5 is EoL)
lucid_sun-java5: DNE
oneiric_sun-java5: DNE
precise_sun-java5: DNE
quantal_sun-java5: DNE
devel_sun-java5: DNE

Patches_openjdk-6:
upstream_openjdk-6: pending (6b24-1.11.6, 6b27-1.12.1)
hardy_openjdk-6: released (6b27-1.12.3-0ubuntu1~08.04.1)
lucid_openjdk-6: released (6b27-1.12.1-2ubuntu0.10.04.2)
oneiric_openjdk-6: released (6b27-1.12.1-2ubuntu0.11.10.2)
precise_openjdk-6: released (6b27-1.12.1-2ubuntu0.12.04.2)
quantal_openjdk-6: released (6b27-1.12.1-2ubuntu0.12.10.2)
devel_openjdk-6: released (6b27-1.12.1-2ubuntu2)

Patches_openjdk-6b18:
upstream_openjdk-6b18: needs-triage
hardy_openjdk-6b18: DNE
lucid_openjdk-6b18: ignored (reached end-of-life)
oneiric_openjdk-6b18: ignored (superseded by openjdk-6)
precise_openjdk-6b18: DNE
quantal_openjdk-6b18: DNE
devel_openjdk-6b18: DNE

upstream_openjdk-7: pending (7u9-2.3.5)
hardy_openjdk-7: DNE
lucid_openjdk-7: DNE
oneiric_openjdk-7: released (7u13-2.3.6-0ubuntu0.11.10.2)
precise_openjdk-7: released (7u13-2.3.6-0ubuntu0.12.04.1)
quantal_openjdk-7: released (7u13-2.3.6-0ubuntu0.12.10.1)
devel_openjdk-7: released (7u13-2.3.6-1ubuntu1)