I'm going to bump icedtea and icedtea-bin now. icedtea doesn't get marked stable so the vulnerable versions will be cleared immediately. Note that icedtea-bin:7 for arm is being dropped, at least temporarily, as the performance benefit it provides over icedtea-bin:8 is currently broken.
Bumped. amd64 and x86 arch teams, please stabilise: dev-java/icedtea-bin-7.2.6.6
Had to bump to -r1 because I forgot to increase the glibc dependency. amd64 and x86 arch teams, please stabilise: dev-java/icedtea-bin-7.2.6.6-r1
amd64 stable
Ping x86 team!
CVE-2016-3449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3449): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. CVE-2016-3443 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3443): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. CVE-2016-3427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3427): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. CVE-2016-3425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3425): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. CVE-2016-3422 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3422): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D. CVE-2016-0695 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0695): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. CVE-2016-0687 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0687): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. CVE-2016-0686 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0686): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
Added to existing GLSA.
x86 team still hasn't dealt with this one. :(
x86 stable. Maintainer(s), please cleanup.
Old removed. Security team, please continue.
This issue was resolved and addressed in GLSA 201606-18 at https://security.gentoo.org/glsa/201606-18 by GLSA coordinator Aaron Bauman (b-man).