Bug 499464 - <dev-java/icedtea-{,bin}-6.1.12.8 : multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A2 [noglsa]
Keywords:
Depends on: 508270 524560
Blocks:
Reported: 2014-01-27 16:27 UTC by Agostino Sarubbo
Modified: 2015-11-22 14:37 UTC
Description Agostino Sarubbo gentoo-dev 2014-01-27 16:27:58 UTC
From the News file in the tarball:

New in release 1.12.8 (2014-01-22):

* Security fixes
  - S6727821: Enhance JAAS Configuration
  - S7068126, CVE-2014-0373: Enhance SNMP statuses
  - S8010935: Better XML handling
  - S8011786, CVE-2014-0368: Better applet networking
  - S8021257, CVE-2013-5896: com.sun.corba.se.** should be on restricted package list
  - S8022904: Enhance JDBC Parsers
  - S8022927: Input validation for byte/endian conversions
  - S8022935: Enhance Apache resolver classes
  - S8022945: Enhance JNDI implementation classes
  - S8023057: Enhance start up image display
  - S8023069, CVE-2014-0411: Enhance TLS connections
  - S8023245, CVE-2014-0423: Enhance Beans decoding
  - S8023301: Enhance generic classes
  - S8023672: Enhance jar file validation
  - S8024306, CVE-2014-0416: Enhance Subject consistency
  - S8024530: Enhance font process resilience
  - S8024867: Enhance logging start up
  - S8025014: Enhance Security Policy
  - S8025018, CVE-2014-0376: Enhance JAX-P set up
  - S8025026, CVE-2013-5878: Enhance canonicalization
  - S8025034, CVE-2013-5907: Improve layout lookups
  - S8025448: Enhance listening events
  - S8025758, CVE-2014-0422: Enhance Naming management
  - S8025767, CVE-2014-0428: Enhance IIOP Streams
  - S8026172: Enhance UI Management
  - S8026176: Enhance document printing
  - S8026193, CVE-2013-5884: Enhance CORBA stub factories
  - S8026204: Enhance auth login contexts
  - S8026417, CVE-2013-5910: Enhance XML canonicalization
  - S8027201, CVE-2014-0376: Enhance JAX-P set up
Comment 1 Ralph Sennhauser (RETIRED) gentoo-dev 2014-01-29 21:34:38 UTC
Ebuild for icedtea-6.1.13.1 now in tree.

Please note:
 - icedtea-6.1.13.0 is vulnerable as well
 - those who want to stay with the 1.12 branch for now can find icedtea-6.1.12.8 in the java overlay. 


*icedtea-6.1.13.1 (29 Jan 2014)

  29 Jan 2014; Ralph Sennhauser <sera@gentoo.org> +icedtea-6.1.13.1.ebuild:
  Security bump #499464
Comment 2 Agostino Sarubbo gentoo-dev 2014-01-30 11:31:44 UTC
(In reply to Ralph Sennhauser from comment #1)
> Ebuild for icedtea-6.1.13.1 now in tree.
> 
> Please note:
>  - icedtea-6.1.13.0 is vulnerable as well
>  - those who want to stay with the 1.12 branch for now can find
> icedtea-6.1.12.8 in the java overlay. 
> 
> 
> *icedtea-6.1.13.1 (29 Jan 2014)
> 
>   29 Jan 2014; Ralph Sennhauser <sera@gentoo.org> +icedtea-6.1.13.1.ebuild:
>   Security bump #499464

What about the -bin?
Comment 3 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2014-05-31 21:12:10 UTC
icedtea-bin-6.1.13.3 is being stabilized for bug 508270, which will resolve this as well.
Comment 4 James Le Cuirot gentoo-dev 2015-05-10 22:30:20 UTC
I'm just going to close this since no one cares. This version has long gone.