By Eric P. Maurice on Feb 08, 2013
Hello, this is Eric Maurice.
On February 1st 2013, Oracle released the February 2013 Critical Patch Update for Java SE. In the blog entry discussing this Critical Patch Update release, I stated that this Critical Patch Update was originally scheduled to be released on February 19th, and that Oracle decided to accelerate the release of this Critical Patch Update because of the exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers.
As a result of the accelerated release of the Critical Patch Update, Oracle did not include a small number of fixes initially intended for inclusion in the February 2013 Critical Patch Update for Java SE. Oracle is therefore planning to release an updated version of the February 2013 Critical Patch Update on the initially scheduled date.
This updated February 2013 Critical Patch Update will be published on February 19th and will include the fixes that couldn’t be released on February 1st. A new Critical Patch Update Advisory will also be published on February 19th on http://www.oracle.com/technetwork/topics/security/alerts-086861.html to include information about the additional fixes being released.
Note that Critical Patch Updates for Java SE are cumulative. As a result, organizations that may not have applied the February 1st release will be able to apply the updated Critical Patch Update when it is published, and will then gain the benefit of all previously released Java SE fixes. As usual, desktop users will be able to install this new version from java.com or through the Java autoupdate.
For More Information:
The advisory for the February 2013 Critical Patch Update is located at http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
More information about Oracle Software Security Assurance is located at http://www.oracle.com/us/support/assurance/index.html