
Bug 375977 (CVE-2011-2513)

Summary: <dev-java/icedtea6-bin-1.10.3, <dev-java/icedtea-web-1.1.1: multiple vulnerabilities (CVE-2011-{2513,2514})
Product: Gentoo Security
Reporter: Vlastimil Babka (Caster) (RETIRED) <caster>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: java
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://dbhole.wordpress.com/2011/07/20/icedtea-web-1-0-4-and-1-1-1-security-releases-released/
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 215614, 247140    

Description Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-07-22 09:05:31 UTC
icedtea-web-1.1.1 fixes the following vulnerabilities:

RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications
RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation

icedtea6-bin also contains a binary version of this package, so it has to be bumped as well.
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-07-22 09:09:24 UTC
dev-java/icedtea-web-1.1.1 in tree, going to build icedtea6-bin
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-07-24 10:14:21 UTC
Please stabilize dev-java/icedtea6-bin-1.10.3
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-07-24 18:57:02 UTC
x86 stable
Comment 4 Ian Delaney (RETIRED) gentoo-dev 2011-07-25 05:38:36 UTC
amd64:

dev-java/icedtea6-bin-1.10.3 only, AOK

icedtea-web has another dep.
Comment 5 Agostino Sarubbo gentoo-dev 2011-07-25 11:26:29 UTC
@Ian, we must stabilize only icedtea6-bin not web :)

amd64 ok
Comment 6 Ian Delaney (RETIRED) gentoo-dev 2011-07-25 15:07:10 UTC
Ago

I agree, exactly what I did
Comment 7 Markos Chandras (RETIRED) gentoo-dev 2011-08-02 14:59:44 UTC
amd64 done. Thanks Ian and Agostino
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2011-08-17 17:35:12 UTC
Thanks, folks. GLSA Vote: no.
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 22:36:25 UTC
Vote: NO. Closing noglsa.