Oracle Java SE is vulnerable to arbitrary code execution attacks. Remote unauthenticated attackers could execute arbitrary code via unspecified vectors involving reflection, Libraries, “improper toString calls,” and the JDBC driver manager.
blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/a19614a3dabb
icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.9/NEWS
lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
rhn.redhat.com/errata/RHSA-2013-0752.html
rhn.redhat.com/errata/RHSA-2013-0757.html
security.gentoo.org/glsa/glsa-201406-32.xml
www.mandriva.com/security/advisories?name=MDVSA-2013:145
www.mandriva.com/security/advisories?name=MDVSA-2013:161
www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
www.ubuntu.com/usn/USN-1806-1
www.us-cert.gov/ncas/alerts/TA13-107A
www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=920247
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16511
rhn.redhat.com/errata/RHSA-2013-0751.html
twitter.com/thezdi/status/309425888188043264
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130