Sorry for the lateness of this, I've never filed a security bug and was used to other people doing it for me! These are usually coupled with Oracle security releases but Oracle is no longer providing public updates for Java 7 (or 6) so this applies to IcedTea only. As such, it probably didn't get much publicity. I have already bumped icedtea and icedtea-bin. icedtea doesn't get marked stable so the vulnerable versions of that are already cleared. amd64, x86, and ppc arch teams, please stabilise:
dev-java/icedtea-bin-6.1.13.8
dev-java/icedtea-bin-7.2.5.6 (ppc only)
dev-java/icedtea-bin-7.2.6.1 (not ppc)
Note that 7.2.5.6 is required because the 2.6 series is currently broken on ppc.
So, if I understand well:
AMD64/X86:
=dev-java/icedtea-bin-6.1.13.8
=dev-java/icedtea-bin-7.2.6.1
PPC:
=dev-java/icedtea-bin-6.1.13.8
=dev-java/icedtea-bin-7.2.5.6
Please confirm.
(In reply to Agostino Sarubbo from comment #1)
> So, if I understand well:
> ...
> Please confirm.
Yes.
amd64 stable
x86 stable
Please hold off on ppc for a second, we've just realised why CACAO has been causing memory problems, it has a fixed 128MB heap. :|
(In reply to James Le Cuirot from comment #5)
> Please hold off on ppc for a second, we've just realised why CACAO has been
> causing memory problems, it has a fixed 128MB heap. :|
Okay, I have now pushed a fix for that as -r1. ppc team, please stabilise:
dev-java/icedtea-bin-6.1.13.8-r1
dev-java/icedtea-bin-7.2.5.6-r1
6.1.13.8-r1 went straight to stable for amd64 and x86 as only the core ppc tarball changed.
ppc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Thanks. Vulnerable versions now removed.
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201603-14 at https://security.gentoo.org/glsa/201603-14 by GLSA coordinator Kristian Fiskerstrand (K_F).