CVE-2009-3880
Published: 9 November 2009
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openjdk-6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(6b18-1.8.2-4ubuntu1~8.04.1)
|
|
| intrepid |
Released
(6b12-0ubuntu6.6)
|
|
| jaunty |
Released
(6b14-1.4.1-0ubuntu12)
|
|
| karmic |
Released
(6b16-1.6.1-3ubuntu1)
|
|
| lucid |
Not vulnerable
(6b17~pre2-0ubuntu3)
|
|
| maverick |
Not vulnerable
(6b17~pre2-0ubuntu3)
|
|
| upstream |
Released
(6b17)
|
|
|
sun-java5 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Not vulnerable
(1.5.0-22-0ubuntu0.8.04)
|
|
| intrepid |
Ignored
(end of life, was needs-triage)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| upstream |
Released
(1.5.0-22)
|
|
|
sun-java6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(6.20dlj-0ubuntu1.8.04)
|
|
| intrepid |
Ignored
(end of life, was needs-triage)
|
|
| jaunty |
Released
(6.20dlj-0ubuntu1.9.04)
|
|
| karmic |
Released
(6.20dlj-0ubuntu1.9.10)
|
|
| lucid |
Released
(6.20dlj-1ubuntu3)
|
|
| maverick |
Not vulnerable
|
|
| upstream |
Released
(6.17)
|