[Slackbuilds-users] The latest jdk on slackbuilds.org (JB)
JB
yochanon at lavabit.com
Tue Apr 16 14:31:31 UTC 2013
On Tue, 16 Apr 2013 15:46:51 +0200
Matteo Bernardini <matteo.bernardini at gmail.com> wrote:
> as the plugin is a serious threat for anybody using it, there's this block
> inside the slackbuild
>
> if [ ${EXPLOIT_ME:-"no"} = "YES" ] ;then
> mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/mozilla/plugins
> cd $PKG/usr/lib${LIBDIRSUFFIX}/mozilla/plugins
> ln -sf /usr/lib${LIBDIRSUFFIX}/java/jre/lib/${LIB_ARCH}/libnpjp2.so
> libnpjp2.so
> else
> echo "
> The February Critical Patch Update for Java SE addresses 50 security
> vulnerabilities, 44 of which affect the use of Java as a plug-in for
> Web browers.
>
> !! THE MOZILLA PLUGIN IS NO LONGER ACTIVATED BY DEFAULT !!
> "
> sleep 5
> fi
>
> so, if you prefer, passing a variable EXPLOIT_ME=YES to the
> slackbuild, exposes you to the various java plugin exploits out there.
>
> Matteo
Ah yes. I saw that but had no idea what to do about it. Thanks much, Matteo.
--
"Americans [have] the right and advantage of being armed, unlike the citizens of
other countries whose governments are afraid to trust their people with arms."
-James Madison
More information about the SlackBuilds-users
mailing list