Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 565842 - <dev-java/icedtea{,-bin}-{6.1.13.9,7.2.6.2}: Multiple vulnerabilities (CVE-2015-{4734,4803,4805,4806,4835,4840,4842,4843,4844,4860,4872,4881,4882,4883,4893,4903,4911})
Summary: <dev-java/icedtea{,-bin}-{6.1.13.9,7.2.6.2}: Multiple vulnerabilities (CVE-20...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://blog.fuseyism.com/index.php/20...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-15 16:37 UTC by James Le Cuirot
Modified: 2016-03-12 23:41 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description James Le Cuirot gentoo-dev 2015-11-15 16:37:55 UTC 
I have already bumped icedtea and icedtea-bin. icedtea doesn't get marked stable so the vulnerable versions of that are already cleared.

amd64, x86, and ppc arch teams, please stabilise:
dev-java/icedtea-bin-6.1.13.9
dev-java/icedtea-bin-7.2.6.2
Comment 1 Agostino Sarubbo gentoo-dev 2015-11-16 09:08:15 UTC 
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2015-11-16 09:08:39 UTC 
x86 stable
Comment 3 James Le Cuirot gentoo-dev 2015-11-16 14:17:20 UTC 
Thanks, ago. That's 7.2.6.1 removed. Can't remove the others until ppc is sorted.
Comment 4 James Le Cuirot gentoo-dev 2015-12-08 22:21:50 UTC 
Don't bother with ppc now as this version has already been declared vulnerable. I'll get 7.2.6.3 up shortly.
Comment 5 James Le Cuirot gentoo-dev 2015-12-26 12:17:07 UTC 
Sorr(In reply to James Le Cuirot from comment #4)
> Don't bother with ppc now as this version has already been declared
> vulnerable. I'll get 7.2.6.3 up shortly.

Sorry, I forgot about 6. There hasn't been a new release of that so 6.1.13.9 still needs to be stabilized for ppc. Thanks.
Comment 6 James Le Cuirot gentoo-dev 2015-12-26 12:17:58 UTC 
Oops, forgot to CC. ppc team, please see above.
Comment 7 James Le Cuirot gentoo-dev 2016-01-16 14:29:09 UTC 
ppc has now been dropped entirely. Security team, please proceed.
Comment 8 Aaron Bauman (RETIRED) gentoo-dev 2016-03-09 13:30:38 UTC 
Added to existing GLSA request.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 23:41:18 UTC 
This issue was resolved and addressed in
 GLSA 201603-14 at https://security.gentoo.org/glsa/201603-14
by GLSA coordinator Kristian Fiskerstrand (K_F).