CVE-2008-3440

Name	CVE-2008-3440
Description	Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
sun-java5	source	(unstable)	(not affected)
sun-java6	source	(unstable)	(not affected)

Notes

- sun-java5 <not-affected> (only java updater for windows affected)
- sun-java6 <not-affected> (only java updater for windows affected)