CVE-2009-3884
Published: 9 November 2009
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
Priority
Status
Package | Release | Status |
---|---|---|
openjdk-6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(6b18-1.8.2-4ubuntu1~8.04.1)
|
|
intrepid |
Released
(6b12-0ubuntu6.6)
|
|
jaunty |
Released
(6b14-1.4.1-0ubuntu12)
|
|
karmic |
Released
(6b16-1.6.1-3ubuntu1)
|
|
lucid |
Not vulnerable
(6b17~pre2-0ubuntu3)
|
|
maverick |
Not vulnerable
(6b17~pre2-0ubuntu3)
|
|
upstream |
Released
(6b17)
|
|
sun-java5 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Not vulnerable
(1.5.0-22-0ubuntu0.8.04)
|
|
intrepid |
Ignored
(end of life, was needs-triage)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
upstream |
Released
(1.5.0-22)
|
|
sun-java6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(6.20dlj-0ubuntu1.8.04)
|
|
intrepid |
Ignored
(end of life, was needs-triage)
|
|
jaunty |
Released
(6.20dlj-0ubuntu1.9.04)
|
|
karmic |
Released
(6.20dlj-0ubuntu1.9.10)
|
|
lucid |
Released
(6.20dlj-1ubuntu3)
|
|
maverick |
Not vulnerable
|
|
upstream |
Released
(6.17)
|