15 messages in net.java.dev.jugs.jug-leaders[jug-leaders] Re: Java 7 0day| From | Sent On | Attachments |
|---|---|---|
| Tobias Frech | Aug 27, 2012 4:55 am | |
| John Yeary | Aug 28, 2012 6:49 am | |
| Víctor Orozco | Aug 28, 2012 8:46 am | |
| Hildeberto Mendonça | Aug 30, 2012 12:34 am | |
| John Yeary | Aug 30, 2012 5:27 am | |
| Víctor Orozco | Aug 31, 2012 3:46 pm | |
| Georges Saab | Sep 1, 2012 11:04 pm | |
| Frans Thamura | Sep 1, 2012 11:19 pm | |
| Mattias Karlsson | Sep 11, 2012 5:51 am | |
| Frans Thamura | Sep 11, 2012 5:56 am | |
| Donald Smith | Sep 11, 2012 6:01 am | |
| Tobias Frech | Sep 11, 2012 9:27 am | |
| Donald Smith | Sep 11, 2012 9:35 am | |
| Toth, Csaba | Sep 11, 2012 12:53 pm | |
| Hildeberto Mendonça | Sep 12, 2012 12:48 am |
| Subject: | [jug-leaders] Re: Java 7 0day | |
|---|---|---|
| From: | Georges Saab (geor...@oracle.com) | |
| Date: | Sep 1, 2012 11:04:25 pm | |
| List: | net.java.dev.jugs.jug-leaders | |
Hi Victor,
On 28 aug 2012, at 08:47, Víctor Orozco <caba...@gmail.com> wrote:
In Linux distributions root privilege escalations are more common than the
people believes but the difference resides in the fact that you can expect a
patch in two or three days (as much) and the idea that I received from the
sentence "Oracle has yet to comment on the reports or say when it plans to fix
the vulnerability. The next scheduled patch release isn't until the middle of
October" is not very comforting. Maybe Oracle have to improve his public
relationships concerning to security issues :).
The Oracle policy has a bit more nuance than this -- for reference it can be
found here:
http://www.oracle.com/us/support/assurance/fixing-policies/index.html
btw, I am not trying to suggest that the policy is perfect, just to facilitate
knowing what it
actually is.
-- Victor Leonel Orozco (tuxtor) - http://tuxtor.shekalug.org