Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 312297

Summary: <dev-java/icedtea6-bin-1.7.2: Multiple Vulnerabilities (CVE-2009-3555, CVE-2010-{0082,0084,0085,0088,0091,0092,0093,0094,0095,0837,0838,0840,0845,0847,0848})
Product: Gentoo Security Reporter: Vlastimil Babka (Caster) (RETIRED) <caster>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: betelgeuse, gnu_andrew, java, proxy-maint
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://blog.fuseyism.com/index.php/2010/03/31/icedtea6-172-security-updates-released/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 306579    
Bug Blocks: 330205    

Description Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-03-30 21:20:54 UTC
Usually vulnerabilities from sun-jdk apply to icedtea as well, and vulnerabilities in sun-jdk were just disclosed (see $URL).
Upstream promised a new 1.7.2 release soon with the patches.
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-03-31 12:03:14 UTC
Upstream released, icedtea bumped, building icedtea6-bin. The list of fixed CVE's is in $URL.
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-03-31 15:00:04 UTC
*** Bug 312387 has been marked as a duplicate of this bug. ***
Comment 3 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-04-01 14:00:08 UTC
Arches, please test and mark stable:
dev-java/icedtea6-bin-1.7.2
Target keywords : "amd64 x86"

dev-java/icedtea is still in ~arch, no stabling here
Comment 4 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-04-01 14:00:38 UTC
*** Bug 307973 has been marked as a duplicate of this bug. ***
Comment 5 Andreas Schürch gentoo-dev 2010-04-02 15:33:56 UTC
Tested on x86, looks good.
Comment 6 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-04-05 14:10:54 UTC
x86 stable, thanks Andreas
Comment 7 Markus Meier gentoo-dev 2010-04-15 21:00:57 UTC
amd64 stable, all arches done.
Comment 8 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2010-07-31 07:52:28 UTC
glsa? probably merge with bug 330205 ?
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2010-11-18 20:43:52 UTC
GLSA with 340819 (at least).
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2014-06-29 15:28:17 UTC
This issue was resolved and addressed in
 GLSA 201406-32 at http://security.gentoo.org/glsa/glsa-201406-32.xml
by GLSA coordinator Mikle Kolyada (Zlogene).