Closed
Bug 787136
Opened 12 years ago
Closed 12 years ago
Update pluginfinder to support JRE 1.7.0.7
Categories
(Toolkit Graveyard :: Plugin Finder Service, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: ygjb, Unassigned)
References
Details
Oracle has release a patch for the recent vulns out of band, and I have confirmed that at least the exploit in metasploit no longer works, and others are reporting it as verified fixed on twitter.
|
||
Comment 1•12 years ago
|
||
Release notes link if needed - http://www.oracle.com/technetwork/java/javase/7u7-relnotes-1835816.html
|
||
Comment 2•12 years ago
|
||
CCing Laura, whose team provides technical assistance for PFS. Carsten is already CCed.
|
||
Updated•12 years ago
|
Blocks: CVE-2012-4681
|
||
Comment 3•12 years ago
|
||
We need the SHA1 hash for the installer. (See https://bugzilla.mozilla.org/show_bug.cgi?id=759116#c0 for an example)
|
|
||
Comment 4•12 years ago
|
||
mcoates provided the hash, and clouserw was kind enough to land it: https://github.com/mozilla/zamboni/commit/91ccef745c92548d885522b4f700f40528635f2c Thanks Wil!
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Comment 5•12 years ago
|
||
stage still has 1.7.0.6 as up to date http://screencast.com/t/C0Nfv1w1d
|
|
||
Comment 6•12 years ago
|
||
ccing clouserw for comment - did we miss something?
|
||
Comment 7•12 years ago
|
||
The patch in comment 4 was for the plugin finder service which is what the bug summary is about. Bug 787217 is for plugincheck.
Component: plugins.mozilla.org → Plugin Finder Service
Product: Websites → Toolkit
Hardware: x86_64 → All
|
|
||
Comment 8•12 years ago
|
||
Just talked with MattN on irc. This is a two step process: Step 1 - Update plugin finder service. That is this bug and is done Step 2 - Log into https://plugins.mozilla.org/en-us/login and update the Java entry https://plugins.mozilla.org/en-us/plugins/detail/java-runtime-environment This is not yet done and is captured in bug 787217. Tomcat or key will do this and they are copied in that bug.
|
||
Comment 9•12 years ago
|
||
(In reply to Michael Coates [:mcoates] from comment #8) > Step 2 - Log into https://plugins.mozilla.org/en-us/login and update the > Java entry > https://plugins.mozilla.org/en-us/plugins/detail/java-runtime-environment > This is not yet done and is captured in bug 787217. Tomcat or key will do > this and they are copied in that bug. kev did this point last night and should be updated now for all users
|
||
Comment 10•12 years ago
|
||
Something I noticed when testing the staged block: * Java 7u6 reports in PFS as "out of date" (yellow) * Java 7u5 reports in PFS as "vulnerable" (red) I think we'd want to communicate both as vulnerable.
|
|
||
Comment 11•12 years ago
|
||
(In reply to Anthony Hughes, Mozilla QA (:ashughes) from comment #10) > Something I noticed when testing the staged block: > * Java 7u6 reports in PFS as "out of date" (yellow) > * Java 7u5 reports in PFS as "vulnerable" (red) > > I think we'd want to communicate both as vulnerable. reopened to address comment 10
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 12•12 years ago
|
||
Wrong bug. You need to reopen bug 787217 to get that changed.
|
|
||
Comment 13•12 years ago
|
||
Copying comment 10 and comment 11 to bug 787217.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
|
|
||
Comment 14•12 years ago
|
||
This appears to be working good now. Marking verified fixed.
Status: RESOLVED → VERIFIED
|
Assignee | |
Updated•10 years ago
|
Product: Toolkit → Toolkit Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•