CVE-2009-3880

NameCVE-2009-3880
DescriptionThe Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs560908

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openjdk-6source(unstable)6b17~pre3-1medium560908
sun-java6source(unstable)6-17-1medium
sun-java6sourcelenny6-20-0lenny1medium

Search for package or bug name: Reporting problems