Summary: | <dev-java/icedtea{,-bin}-7.2.6.4: Multiple vulnerabilities (CVE-2016-{0402,0448,0466,0483,0494}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | James Le Cuirot <chewi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | java |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://blog.fuseyism.com/index.php/2016/01/21/security-icedtea-2-6-4-for-openjdk-7-released/ | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
James Le Cuirot
2016-01-23 19:27:38 UTC
amd64 and x86 arch teams, please stabilise: dev-java/icedtea-bin-7.2.6.4 amd64 stable x86 stable. Maintainer(s), please cleanup. Thanks ago! Old removed. Security team, please continue. Added to existing GLSA request. None of these apply to Java: CVE-2015-{7575,8126,8472} (In reply to Aaron Bauman from comment #6) > None of these apply to Java: > > CVE-2015-{7575,8126,8472} They were mentioned in gnu_andrew's blog post in contexts relating to Java. I'm not sure how CVE-2015-{8126,8472} applies as libpng is used but not bundled. Regarding CVE-2015-7575, it says "further reduce use of MD5" which is presumably an attempt to mitigate the issue. Typo in the bug report title. This issue was resolved and addressed in GLSA 201603-14 at https://security.gentoo.org/glsa/201603-14 by GLSA coordinator Kristian Fiskerstrand (K_F). |