Toby reminded us that Oracle is releasing Java 7 update 5 and Java 6 update 33 today.

Updated after Oracle released the vulnerability details.

• Release notes for 6u33
• Release notes for 7u5
• Downloads
• Advisory (contains their risk matrix)
• More verbose version of their risk matrix 

Unfortunately it's all still made to be useless to determine what the problems are with the software and perform your own risk assessments.

Just note there are CVSS scores of 10 in there, and in the past months we saw what slacking on patching Java can do (Ref: the recent Apple Mac OS X malware), so just patch this on a rather urgent time schedule due to lack of detailed descriptions.

Update:

My words above were barely written or I got the notification of Apple that they are releasing Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9 today as well. This brings them in line with the updates to 1.6.0_33 above as well as implementing the deactivation of the Java browser plugin and Java Web Start if they remain unused for 35 days to Snow Leopard and deactivating the Java browser plugin and Java Web Start if they do not meet the criteria for minimum safe versions (on Both Lion and Snow Leopard.

• Apple Patch info
• Apple security patches overview

--
Swa Frantzen -- Section 66