Summary: | <dev-java/icedtea-{bin}-6.1.12.6, <dev-java/icedtea-{bin}-7.2.4.1: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | wbrana |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | java |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://blog.fuseyism.com/index.php/2013/07/10/security-icedtea-1-11-12-1-12-6-for-openjdk-6-released/ | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
wbrana
2013-07-17 11:34:37 UTC
+ 20 Jul 2013; Tom Wijsman <TomWij@gentoo.org> +icedtea-7.2.4.1.ebuild: + Version bump to 7.2.4.1, I plan to do the 6.1.12.6 bump tomorrow; fixes bug + #477210, reported by wbrana. Removed zero hotspot tarball fetch due to + http://icedtea.classpath.org/hg/release/icedtea7-2.4/rev/08d655f1631e

Thank you for reporting.

CVE list: CVE-2013-1500 CVE-2013-1571 CVE-2013-2412 CVE-2013-2407 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473

As far as I can tell these were all also Oracle Java bugs too. The CVEs have a constant refrain of affecting confidentiality, integrity, and availability, so calling this a B3 - denial of service.

@maintainers: ack 6.1.12.6 stable, please. We'll leave 7 since it's only in ~ right now.

(In reply to Chris Reffett from comment #2)
> @maintainers: ack 6.1.12.6 stable, please. We'll leave 7 since it's only in
> ~ right now.

Not yet. Stable applies only to icedtea-bin:6 and I'm yet building that.

Please stabilize dev-java/icedtea-bin-6.1.12.6

amd64 stable

x86 stable

GLSA vote: yes.

GLSA vote: yes

Added to existing GLSA draft

I'm just going to close this since no one cares. These versions have long gone.