Bug#: 183580
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Vlastimil Babka (Caster) <caster@gentoo.org>

Bug 183580 blocks: 215614

Description:   Opened: 2007-06-28 23:51 0000
+++ This bug was initially created as a clone of Bug #182824 +++
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml

Bug 182824 was about blackdown-jdk but I could reproduce it with sun-jdk-1.4
too.

Results with 1.4.2.14 with badicc.jpg from
http://scary.beasts.org/security/CESA-2006-004.html

#  SIGSEGV (0xb) at pc=0xb7ea50dc, pid=20387, tid=3085122240
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2_14-b05 mixed mode)
# Problematic frame:
# C  [libc.so.6+0x710dc]  memcpy+0x1c

Results with recently added 1.4.2.15:

Exception in thread "main" java.lang.IllegalArgumentException: Invalid ICC Profile Data
        at java.awt.color.ICC_Profile.getInstance(ICC_Profile.java:709)


Apparently they fixed it: a safe Java exception instead of a segfault, although I
didn't find any relevant bug in the 1.4.2.15 changelog or advisory from Sun. But
maybe we can assume it's fixed, get it stable and glsa'd.

------- Comment #1 From Vlastimil Babka (Caster) 2007-07-01 11:13:40 0000 -------
OK, got it confirmed from Sun:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1

x86 please stabilize:
dev-java/sun-jdk-1.4.2.15
dev-java/sun-jre-bin-1.4.2.15

------- Comment #2 From Christian Faulhammer 2007-07-02 18:55:51 0000 -------
x86 stable, last arch, changing status to glsa?

------- Comment #3 From Matt Drew 2007-07-02 21:50:12 0000 -------
I vote yes for GLSA.

------- Comment #4 From Sune Kloppenborg Jeppesen 2007-07-15 07:24:19 0000 -------
Voting YES.

------- Comment #5 From Robert Buchholz 2008-04-17 23:44:30 0000 -------
GLSA 200804-20, sorry for the long delay.
