CVE-2009-3886

Publication date 9 November 2009

Last updated 24 July 2024

The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a “regression,” aka Bug Id 6870531.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
sun-java5	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Not affected
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Ignored end of life
sun-java6	10.04 LTS lucid	Fixed 6.20dlj-1ubuntu3
	9.10 karmic	Fixed 6.20dlj-0ubuntu1.9.10
	9.04 jaunty	Fixed 6.20dlj-0ubuntu1.9.04
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Fixed 6.20dlj-0ubuntu1.8.04
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2009-3886