Bug 581238

Summary:	<dev-java/icedtea{,-bin}-3.0.1: Multiple vulnerabilties (CVE-2016-{0686,0687,0695,3422,3425,3427,3443,3449})
Product:	Gentoo Security	Reporter:	James Le Cuirot <chewi>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	java
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=581028
Whiteboard:	B2 [glsa]
Package list:		Runtime testing required:	---

Description James Le Cuirot gentoo-dev

2016-04-26 09:01:18 UTC

I'm going to bump icedtea and icedtea-bin now. icedtea doesn't get marked stable so the vulnerable versions will be cleared immediately.

Sorry about the number of these lately but that's Java for you. They're somewhat related but I deal with the releases as they appear and Java 8 has one additional vulnerability. I'm hoping to drop Java 7 by the end of the year, which should reduce these by about a third.

Comment 1 James Le Cuirot gentoo-dev

2016-04-26 12:17:58 UTC

Bumped. ppc64 arch team, please stabilise:
dev-java/icedtea-bin-3.0.1

It's about time to get the other arches stable but I'll do that separately.

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2016-04-27 12:34:24 UTC

Stable for PPC64. Closing.

Comment 3 James Le Cuirot gentoo-dev

2016-04-27 12:47:44 UTC

Don't close security bugs before they're done! Old has now been removed. Security team, please continue.

Comment 4 Aaron Bauman (RETIRED) gentoo-dev

2016-06-25 12:31:41 UTC

Added to existing GLSA.

Comment 5 GLSAMaker/CVETool Bot gentoo-dev

2016-06-27 22:43:33 UTC

This issue was resolved and addressed in
 GLSA 201606-18 at https://security.gentoo.org/glsa/201606-18
by GLSA coordinator Aaron Bauman (b-man).