+++ This bug was initially created as a clone of Bug #182824 +++ http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml Bug 182824 was about blackdown-jdk but I could reproduce it with sun-jdk-1.4 too. Results with 1.4.2.14 with badicc.jpg from http://scary.beasts.org/security/CESA-2006-004.html # SIGSEGV (0xb) at pc=0xb7ea50dc, pid=20387, tid=3085122240 # # Java VM: Java HotSpot(TM) Client VM (1.4.2_14-b05 mixed mode) # Problematic frame: # C [libc.so.6+0x710dc] memcpy+0x1c Results with recently added 1.4.2.15: Exception in thread "main" java.lang.IllegalArgumentException: Invalid ICC Profile Data at java.awt.color.ICC_Profile.getInstance(ICC_Profile.java:709) Apparently they fixed it, safe java exception instead of segfault. Although I didn't find any relevant bug in 1.4.2.15 changelog or advisory from Sun. But maybe we can assume it's fixed, get it stable and glsa'd.
OK got it confirmed from SUN: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1 x86 please stabilize: dev-java/sun-jdk-1.4.2.15 dev-java/sun-jre-bin-1.4.2.15
x86 stable, last arch, changing status to glsa?
I vote yes for GLSA.
Voting YES.
GLSA 200804-20, sorry for the long delay.