PublicDateAtUSN: 2014-01-15
Candidate: CVE-2013-5878
PublicDate: 2014-01-15 16:11:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878
 https://rhn.redhat.com/errata/RHSA-2014-0026.html
 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
 https://ubuntu.com/security/notices/USN-2089-1
 https://ubuntu.com/security/notices/USN-2124-1
Description:
 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded
 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality,
 integrity, and availability via unknown vectors related to Security.  NOTE:
 the previous information is from the January 2014 CPU.  Oracle has not
 commented on third-party claims that the Security component does not
 properly handle null XML namespace (xmlns) attributes during XML document
 canonicalization, which allows attackers to escape the sandbox.
Ubuntu-Description:
Notes:
 mdeslaur> in lucid+, NetX and the plugin moved to the icedtea-web package
 jdstrand> sun-java6 is not redistributable, no longer in the archive and
  no longer tracked
 jdstrand> sun-java5 is EOL upstream and no longer tracked
Bugs:
Priority: low
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_openjdk-6:
upstream_openjdk-6: needs-triage
lucid_openjdk-6: released (6b30-1.13.1-1ubuntu2~0.10.04.1)
precise_openjdk-6: released (6b30-1.13.1-1ubuntu2~0.12.04.1)
quantal_openjdk-6: released (6b30-1.13.1-1ubuntu2~0.12.10.1)
raring_openjdk-6: deferred (2014-01-15)
saucy_openjdk-6: released (6b30-1.13.1-1ubuntu2~0.13.10.1)
devel_openjdk-6: not-affected (6b30-1.13.1-1ubuntu1)

Patches_openjdk-7:
upstream_openjdk-7: released (7u51-2.4.4-1)
lucid_openjdk-7: DNE
precise_openjdk-7: released (7u51-2.4.4-0ubuntu0.12.04.2)
quantal_openjdk-7: released (7u51-2.4.4-0ubuntu0.12.10.2)
raring_openjdk-7: released (7u51-2.4.4-0ubuntu0.13.04.2)
saucy_openjdk-7: released (7u51-2.4.4-0ubuntu0.13.10.1)
devel_openjdk-7: not-affected (7u51-2.4.4-1ubuntu1)