Bug 212425 (CVE-2008-0628)

Summary:	dev-java/sun-{jdk,jre-bin}\|app-emulation/emul-linux-x86-java} security updates (CVE-2008-{0628,0657,1185,1186,1187,1188,1189,1190,1191,1192,1193,1194,1195,1196})
Product:	Gentoo Security	Reporter:	Carsten Lohrke (RETIRED) <carlo>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	java, jussi.t.t.saarinen, prote
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	?? [glsa]
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	165270, 215614

Description Carsten Lohrke (RETIRED) gentoo-dev

2008-03-05 20:27:08 UTC

On March 4, 2008, Sun will release the following security updates: 
 
JDK and JRE 6 Update 5
JDK and JRE 5.0 Update 15
SDK and JRE 1.4.2_17
SDK and JRE 1.3.1_22

The following Sun Alerts corresponding to these updates will be released following the availability of these updates. 
 
233321
233322
233323
233324
233325
233326
233327


source: http://blogs.sun.com/security/

Comment 1 Petteri Räty (RETIRED) gentoo-dev

2008-03-05 20:35:18 UTC

Will need to wait for Sun to release DLJ bundles:
https://jdk-distros.dev.java.net/developer.html
22:33 <robogeek> I will check when the DLJ bundles are released, should be shortly

Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev

2008-03-05 20:46:16 UTC

DLJ is not the case of 1.4 which is already available the only usual fetch restricted way.
Adding release just in case, as DJL versions should permit distribution on our media (although I doubt we do that :)

Comment 3 Vlastimil Babka (Caster) (RETIRED) gentoo-dev

2008-03-05 21:33:49 UTC

1.4 added, please stabilize

x86: dev-java/sun-{jdk,jre-bin}-1.4.2.17
amd64: app-emulation/emul-linux-x86-java-1.4.2.17

Comment 4 Christian Faulhammer (RETIRED) gentoo-dev

2008-03-06 07:56:40 UTC

x86 stable

Comment 5 Jussi Saarinen 2008-03-13 00:31:10 UTC

*** Bug 213127 has been marked as a duplicate of this bug. ***

Comment 6 Peter Volkov (RETIRED) gentoo-dev

2008-03-20 21:07:54 UTC

app-emulation/emul-linux-x86-java-1.4.2.17 - amd64 stable.

Fixed in release snapshot.

Vlastimil, we are propagating all security fixes for stable tree to be sure that we are safe.

Comment 7 Robert Buchholz (RETIRED) gentoo-dev

2008-03-26 12:30:36 UTC

I heard they're out now?

Comment 8 Vlastimil Babka (Caster) (RETIRED) gentoo-dev

2008-03-26 22:22:41 UTC

added, please stabilize

x86+amd64: dev-java/sun-{jdk,jre-bin}-{1.5.0.15,1.6.0.05}
amd64: app-emulation/emul-linux-x86-java-{1.5.0.15,1.6.0.05}

Comment 9 Vlastimil Babka (Caster) (RETIRED) gentoo-dev

2008-03-26 22:23:46 UTC

Adding back release to propagate fixes when stabled per comment 6

Comment 10 Robert Buchholz (RETIRED) gentoo-dev

2008-03-26 22:30:15 UTC

and my other two friends, amd64 and x86.

Comment 11 Christian Faulhammer (RETIRED) gentoo-dev

2008-03-27 07:55:19 UTC

x86 stable

Comment 12 Markus Meier gentoo-dev

2008-03-27 19:35:36 UTC

amd64 stable (last arch)

Comment 13 Peter Volkov (RETIRED) gentoo-dev

2008-03-28 08:16:13 UTC

Fixed in release snapshot.

Comment 14 Robert Buchholz (RETIRED) gentoo-dev

2008-04-17 23:44:53 UTC

GLSA 200804-20, sorry for the long delay.