Summary: | <dev-java/icedtea{,-bin}-{6.1.12.4,7.2.3.8}: multiple vulnerabilities (CVE-2013-{0809,1493}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ralph Sennhauser (RETIRED) <sera> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | java, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Ralph Sennhauser (RETIRED)
2013-03-14 10:28:27 UTC
The following are now in tree:

=dev-java/icedtea-6.1.12.4
=dev-java/icedtea-7.2.3.8

Bumps for older branches can be found in java-overlay. Thanks go to Andrew John Hughes.

(In reply to comment #1)
> The following are now in tree:
>
> =dev-java/icedtea-6.1.12.4
> =dev-java/icedtea-7.2.3.8
>
> Bumps for older branches can be found in java-overlay. Thanks go to Andrew
> John Hughes.

Why isn't there a fixed version for dev-java/icedtea-bin in tree?

CVE-2013-1493 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493): The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.

CVE-2013-0809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809): Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.

(In reply to comment #2)
> Why isn't there a fixed version for dev-java/icedtea-bin in tree?

Because I slack! But now there are.

Please stabilize =dev-java/icedtea-bin-6.1.12.4

x86 stable

amd64 stable

Added to existing GLSA draft.

I'm just going to close this since no one cares. These versions have long gone.