Skip Menu | Logged in as guest | Logout
 
Ticket metadata
The Basics
Id: 4559
Status: resolved
Priority: 0/0
Queue: vdt-support
Custom Fields
Fixed in: (no value)
Fix scheduled: (no value)
People
Owner: Scot Kronenfeld
Requestors: aashish@ncsa.uiuc.edu
Cc:
AdminCc:
More about aashish@ncsa.uiuc.edu
Comments about this user:
No comment entered about this user
This user's 10 highest priority tickets:
Groups this user belongs to:
  • Everyone
  • Unprivileged
Reminders
New reminder:
Dates
Created: Fri Dec 12 13:32:42 2008
Starts: Not set
Started: Not set
Last Contact: Thu Dec 18 15:55:21 2008
Due: Not set
Closed: Thu Dec 18 15:55:21 2008
Updated: Thu Dec 18 15:55:22 2008 by kronenfe
Links
Depends on: (Create)
Depended on by: (Create)
Parents: (Create)
Children: (Create)
Refers to: (Create)
Referred to by: (Create)

History Brief headersFull headers
# Fri Dec 12 13:32:44 2008 aashish@ncsa.uiuc.edu - Ticket created [Reply
CC: osg-security-team@OPENSCIENCEGRID.ORG
Subject: Upgrade Java 4, 5, 6 in VDT 1.8.1 and 1.10.1
Date: Thu, 11 Dec 2008 10:28:24 -0600
To: Alain Roy <roy@cs.wisc.edu>
From: Aashish Sharma <aashish@ncsa.uiuc.edu>
Download (untitled) / with headers
text/plain 623b
Hello Alain:

Sun has released Java updates for multiple vulnerabilities on 12/05.
Here are the details about it:

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

I have not yet seen this vulnerability being actively exploited yet
but there are remote code execution vulnerabilities (amongst others).
We need to patch Java at least by the next VDT release but no later
then end of January.

If we see this being actively exploited, I will inform you and we may
want it done at a higher priority.

Please let me know if you have any questions in this regard.

Thanks a lot,

Aashish Sharma
OSG Security Team
# Mon Dec 15 11:34:40 2008 kronenfe - Taken
# Mon Dec 15 12:09:10 2008 kronenfe - Comments added [Reply
Subject: [vdt-support #4559] SVN commit, rev 8490
To: vdt-support@cs.wisc.edu
From: kronenfe@cs.wisc.edu
Download (untitled) / with headers
text/plain 251b
Commit comment:
Upgrade JAVA from 1.4.2_18 to 1.4.2_19
Upgrade JAVA5 from 1.5.0_16 to 1.5.0_17
Upgrade JAVA6 from 1.6.0_07 to 1.6.0_11


Changed files:
U vdt/branches/vdt-1.10.1/defs

To generate a diff:
svn diff -c 8490 file:///p/vdt/workspace/svn
# Mon Dec 15 13:01:56 2008 kronenfe - Comments added [Reply
Subject: [vdt-support #4559] SVN commit, rev 8494
To: vdt-support@cs.wisc.edu
From: kronenfe@cs.wisc.edu
Download (untitled) / with headers
text/plain 258b
Commit comment:
Removed special handling of 32-on-ia64 for this package because we do not
support that type of installation.


Changed files:
U vdt/branches/vdt-1.10.1/JDK-1.4/JDK-1.4.pacman

To generate a diff:
svn diff -c 8494 file:///p/vdt/workspace/svn
# Mon Dec 15 13:04:01 2008 kronenfe - Comments added [Reply
Subject: [vdt-support #4559] SVN commit, rev 8495
To: vdt-support@cs.wisc.edu
From: kronenfe@cs.wisc.edu
Download (untitled) / with headers
text/plain 299b
Commit comment:
Added --short-version flag to vdt-vesion calls.


Changed files:
U vdt/branches/vdt-1.10.1/JDK-1.4/JDK-1.4.pacman
U vdt/branches/vdt-1.10.1/JDK-1.5/JDK-1.5.pacman
U vdt/branches/vdt-1.10.1/JDK-1.6/JDK-1.6.pacman

To generate a diff:
svn diff -c 8495 file:///p/vdt/workspace/svn
# Mon Dec 15 15:00:27 2008 kronenfe - Comments added [Reply
Subject: [vdt-support #4559] SVN commit, rev 8499
To: vdt-support@cs.wisc.edu
From: kronenfe@cs.wisc.edu
Download (untitled) / with headers
text/plain 250b
Commit comment:
Upgrade JAVA from 1.4.2_16 to 1.4.2_19
Upgrade JAVA5 from 1.5.0_14 to 1.5.0_17
Upgrade JAVA6 from 1.6.0_02 to 1.6.0_11


Changed files:
U vdt/branches/vdt-1.8.1/defs

To generate a diff:
svn diff -c 8499 file:///p/vdt/workspace/svn
# Tue Dec 16 16:20:26 2008 kronenfe - Correspondence added [Reply
Download (untitled) / with headers
text/plain 113b
Hi Aashish,
We released the JDK updates in 1.10.1q today. We will release an update
to 1.8.1 soon.

Thanks,
scot
# Tue Dec 16 16:20:28 2008 RT_System - Status changed from 'new' to 'open'
# Tue Dec 16 16:26:46 2008 aashish@ncsa.uiuc.edu - Correspondence added [Reply
CC: osg-security-team@OPENSCIENCEGRID.ORG
Subject: Re: [vdt-support #4559] Upgrade Java 4, 5, 6 in VDT 1.8.1 and 1.10.1
Date: Tue, 16 Dec 2008 16:29:31 -0600
To: Scot Kronenfeld via RT <vdt-support@OPENSCIENCEGRID.ORG>
From: Aashish Sharma <aashish@ncsa.uiuc.edu>
Download (untitled) / with headers
text/plain 396b
Thanks a lot Scot for notifying us.

Aashish

On Tue, Dec 16, 2008 at 04:20:38PM -0600, Scot Kronenfeld via RT wrote:
> Hi Aashish,
> We released the JDK updates in 1.10.1q today. We will release an update
> to 1.8.1 soon.
>
> Thanks,
> scot
>
> --
> View ticket at <http://crt.cs.wisc.edu/Ticket/Display.html?user=guest&pass=guest&id=4559>
> VDT Support: vdt-support@opensciencegrid.org
>
# Thu Dec 18 15:55:01 2008 kronenfe - Correspondence added [Reply
Download (untitled) / with headers
text/plain 145b
Hi Aashish
I released 1.8.1s today which contains the JDK updates.

I am resolving this ticket now. Thanks for letting us know about the
update.
# Thu Dec 18 15:55:21 2008 kronenfe - Status changed from 'open' to 'resolved'