
Java 7 plugin vulnerability

Posted: Aug 29th, '12, 22:27
by zugunder
which is described at https://blog.mozilla.org/security/2012/08/28/protecting-users-against-java-security-vulnerability/ - does it also apply to the IcedTea plugin? Hope it does not, though the projects are developing in the same direction...

Re: Java 7 plugin vulnerability

Posted: Aug 30th, '12, 14:50
by tandrews16
No personal knowledge of the situation, but according to a comment at your link, the IcedTea plugin blocks this particular vulnerability.

Re: Java 7 plugin vulnerability

Posted: Aug 30th, '12, 16:45
by Latte
It seems IcedTea is affected by this vulnerability. At least there is a new version available where it is mentioned that the bug is fixed: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020083.html

Re: Java 7 plugin vulnerability

Posted: Aug 30th, '12, 18:26
by tandrews16
Just filed bug/package update request #7259 on this. Let's hope the update comes through soon.

https://bugs.mageia.org/show_bug.cgi?id=7259

~link added by moderator ;)

Re: Java 7 plugin vulnerability

Posted: Aug 30th, '12, 20:57
by zugunder
Thanks for your replies,

but I'm getting kind of confused identifying which IcedTea-Web version is which...
For example, the latest versions available for Mageia 1 are:
java-1.6.0-openjdk - 1.6.0.0-28.b22.1.mga1 (i586) with IcedTea6 1.10.8
java-1.6.0-openjdk - 1.6.0.0-14.b22.5.mga1 (x86_64) with IcedTea6 1.8.2
and from a third-party repository:
java-1.7.0-openjdk - 1.7.0.3-2.1.2.pts1 (x86_64) with IcedTea7 2.1 and icedtea-web-1.2-5.pts1 (x86_64)

So assuming that updates for java in Mageia1 are (imho) unlikely to happen due to Mageia1 ending lifecycle, which of the above would be considered the safest option to have on 64bit Mageia1 with 64bit Firefox package?

Thank you.

Re: Java 7 plugin vulnerability

Posted: Aug 31st, '12, 19:48
by zugunder
Or would it be better to go straight to Oracle and use their JRE?

Re: Java 7 plugin vulnerability

Posted: Sep 1st, '12, 02:49
by tandrews16
Oracle just released a new JRE 7u7 that's supposed to address the problem.

Re: Java 7 plugin vulnerability

Posted: Sep 6th, '12, 05:45
by zugunder
Speaking of the latest OpenJDK updates, how are Mageia1's java-1.6.0-openjdk-1.6.0.0-29.b22.1.mga1 and Mageia2's java-1.6.0-openjdk-1.6.0.0-34.b24.1.mga2 related? Do the indexes 29 and 34 refer to Sun's Java releases? If so, what is the reason for such a big release gap between Mageia1 and 2?

Thank you.