neither RedHat 7.3, 9 Fedora Core 1 included Sun Java. an updated Sun Java is available from Sun and jpackage.org. IIRC, cyrus-imapd was added from Fedora Extras to Fedora Core 2. earlier releases did not include it. rob. On Fri, 2004-12-03 at 10:24, Jeff Sheltren wrote: > I'm not sure on Cyrus, but I don't think RedHat/Fedora has included Sun Java > in any release. > > -Jeff > > > On 12/3/04 7:11 AM, "John Dalbec" <jpdalbec@xxxxxxx> wrote: > > > Do these issues apply to -legacy? > > > > 04.47.8 CVE: CAN-2004-1011, CAN-2004-1012, CAN-2004-1013, > > CAN-2004-1015 > > Platform: Unix > > Title: Cyrus IMAPD Multiple Remote Vulnerabilities > > Description: Cyrus IMAPD is an IMAP daemon. It is reported to be > > vulnerable to multiple remote buffer overflow issues. Cyrus IMAPD > > versions 2.2.4 to 2.2.8 are reported to be vulnerable. > > Ref: http://security.e-matters.de/advisories/152004.html > > > > 04.47.13 CVE: CAN-2004-1029 > > Platform: Cross Platform > > Title: Sun Java Plug-in Security Restriction Bypass > > Description: Java Plug-in technology, part of the Java 2 Runtime > > Environment (JRE), establishes a connection between popular browsers > > and the Java platform. It is possible to bypass the Java sandbox and > > all security restrictions imposed within Java Applets to execute > > malicious applets and gain full control. Sun Java 2 Platform, Standard > > Edition (J2SE) versions 1.4.2_01 and 1.4.2_04 are known to be > > vulnerable. > > Ref: > > http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities > > > > -- > > > > fedora-legacy-list@xxxxxxxxxx > > http://www.redhat.com/mailman/listinfo/fedora-legacy-list > > > -- > > fedora-legacy-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-legacy-list -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list