Summary: | <dev-java/icedtea{,-bin}-7.2.6.6-r1: Multiple vulnerabilties (CVE-2016-{0686,0687,0695,3422,3425,3427,3443,3449}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | James Le Cuirot <chewi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | java |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=581238 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
James Le Cuirot
2016-04-24 10:09:38 UTC
Bumped. amd64 and x86 arch teams, please stabilise: dev-java/icedtea-bin-7.2.6.6 Had to bump to -r1 because I forgot to increase the glibc dependency. amd64 and x86 arch teams, please stabilise: dev-java/icedtea-bin-7.2.6.6-r1 amd64 stable Ping x86 team! CVE-2016-3449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3449): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. CVE-2016-3443 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3443): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. CVE-2016-3427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3427): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. CVE-2016-3425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3425): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. CVE-2016-3422 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3422): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D. CVE-2016-0695 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0695): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. CVE-2016-0687 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0687): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. CVE-2016-0686 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0686): Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. Added to existing GLSA. x86 team still hasn't dealt with this one. :( x86 stable. Maintainer(s), please cleanup. Old removed. Security team, please continue. This issue was resolved and addressed in GLSA 201606-18 at https://security.gentoo.org/glsa/201606-18 by GLSA coordinator Aaron Bauman (b-man). |