Launchpad CVE tracker

CVE 2009-3728

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.

Related bugs and status

CVE-2009-3728 (Candidate) is related to these bugs:

Bug #359407: Jaunty icedtea6-plugin doesn’t work in Firefox 3.5

		In	Importance	Status
359407	Jaunty icedtea6-plugin doesn’t work in Firefox 3.5	openjdk-6 (Ubuntu)	High	Fix Released
359407	Jaunty icedtea6-plugin doesn’t work in Firefox 3.5	firefox-3.5 (Ubuntu)	High	Invalid
359407	Jaunty icedtea6-plugin doesn’t work in Firefox 3.5	iceweasel (Debian)	Unknown	Fix Released
359407	Jaunty icedtea6-plugin doesn’t work in Firefox 3.5	Mozilla Firefox	Critical	Invalid
359407	Jaunty icedtea6-plugin doesn’t work in Firefox 3.5	firefox-3.5 (Ubuntu Jaunty)	Undecided	Invalid
359407	Jaunty icedtea6-plugin doesn’t work in Firefox 3.5	openjdk-6 (Ubuntu Jaunty)	High	Fix Released

Bug #472845: wrong metric for Chinese font in OpenJDK applications

		In	Importance	Status
472845	wrong metric for Chinese font in OpenJDK applications	openjdk-6 (Ubuntu)	Undecided	Fix Released
472845	wrong metric for Chinese font in OpenJDK applications	openjdk-6 (Ubuntu Jaunty)	Undecided	Fix Released
472845	wrong metric for Chinese font in OpenJDK applications	openjdk-6 (Ubuntu Karmic)	Undecided	Fix Released
472845	wrong metric for Chinese font in OpenJDK applications	openjdk-6 (Ubuntu Lucid)	Undecided	Fix Released
472845	wrong metric for Chinese font in OpenJDK applications	openjdk-6 (Ubuntu Maverick)	Undecided	Fix Released

Bug #477812: Security update for Sun Java JRE 6: update 17

		In	Importance	Status
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Ubuntu)	Undecided	Fix Released
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Debian)	Unknown	Fix Released
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (openSUSE)	Unknown	Unknown
477812	Security update for Sun Java JRE 6: update 17	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released

Bug #551328: Applets use 100% of CPU

		In	Importance	Status
551328	Applets use 100% of CPU	openjdk-6 (Ubuntu)	Undecided	Fix Released
551328	Applets use 100% of CPU	OpenJDK	Medium	Invalid
551328	Applets use 100% of CPU	openjdk-6 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-3728

References