Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 179162

Summary: app-emulation/emul-linux-x86-java-1.6*: internal copy of libpng is vulnerable to CVE-2006-5793
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: davide.angelocola, gentoo-bug, java, wolf31o2
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6559441
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 178575    
Bug Blocks: 215614    

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-19 22:31:40 UTC
+++ This bug was initially created as a clone of Bug #178575 +++

As per summary, with the disclosure of OpenJDK sources we can confirm that the libpng copy on it is not patched to fix the vulnerability in summary (CVE-2006-5793), which makes its splashscreen support vulnerable to that issue.
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2007-06-01 07:44:29 UTC
app-emulation/emul-linux-x86-java-1.6* is not stable
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-01 11:04:32 UTC
Eventhough it's not stable it should still be fixed but we won't release a GLSA about it.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-08-21 06:17:39 UTC
Caster any news on this one?
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-11-07 19:53:43 UTC
Caster any news on this one?
Comment 5 Mike Doty (RETIRED) gentoo-dev 2007-11-14 05:02:22 UTC
seems like amd64 isn't needed on this bug yet?  please re-add us when you do.
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2014-06-10 23:50:22 UTC
app-emulation/emul-linux-x86-java-1.6* is gone and users were advised to update in GLSA 201401-30