Archive for the ‘Security’ Category

Blackdown J2SE 1.4.2-03

Saturday, December 3rd, 2005

I released Blackdown’s J2SE 1.4.2-03 for Linux on x86 and AMD64/EM64T yesterday. The release fixes three security issues with the Reflection API (JRE May Allow Untrusted Applet to Elevate Privileges), so make sure you upgrade. The issue isn’t Blackdown-specific. Sun released an advisory too. Thanks to Matthias Klose, Debian packages for 1.4.2-03 are available too. [...]

Debian Testing Gets Security Support

Saturday, September 10th, 2005

The Debian Testing Security Team just announced the beginning of full security support for Debian’s “testing” distribution! The lack of security support was one of the main problems with “testing”. You had to pull security fixes from “unstable” or even build your own packages to keep it secure. I hope they have the manpower to [...]

WordPress Security Annoyances

Thursday, August 18th, 2005

As if the unprofessional handling of WordPress security announcements (see Another WordPress Security Update and More on Security Announcements) weren’t bad enough, the WordPress developers also seem to have problems with organizing releases. Stefan Esser reports that there are two WordPress 1.5.2 versions. The first one, which didn’t fix the problem it was supposed [...]

More on Security Announcements

Monday, August 15th, 2005

Some people seem to misunderstand what I said about the latest WordPress update. I, myself, am perfectly able to figure out what was broken and how it was fixed. That’s not the point. I was commenting on the handling of security announcements by the WordPress developers. I expect to get information about security issues from [...]

Another WordPress Security Update

Sunday, August 14th, 2005

WordPress 1.5.2 “Strayhorn” has been released today. The changelog mentions that several vulnerabilities have been fixed but — once again — the developers don’t provide any details! One has to look at the diffs to see what has been fixed. I hate that kind of silly security by obscurity. Vague vulnerability descriptions are almost useless [...]