Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 607676

Summary: <dev-java/icedtea{,-bin}-3.3.0: Multiple vulnerabilties (CVE-2016-{2183,5546,5547,5548,5549,5552}, CVE-2017-{3231,3241,3252,3253,3260,3261,3272,3289})
Product: Gentoo Security Reporter: James Le Cuirot <chewi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: java
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://blog.fuseyism.com/index.php/2017/01/28/security-icedtea-3-3-0-for-openjdk-8-released/
Whiteboard: A2 [glsa cve]
Package list:
=dev-java/icedtea-bin-3.3.0 amd64 ppc64 x86
 Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 605430    

Description James Le Cuirot gentoo-dev 2017-01-29 23:09:48 UTC 
Bump coming imminently. Unfortunately the ppc64 dev box (timberdoodle) has died so I am unable to build for that arch right now. I may attempt to set up the replacement this week. Otherwise I'm not sure what we can do without breaking the tree. Let's at least get the other arches stable to deal with bug #605430.
Comment 1 James Le Cuirot gentoo-dev 2017-01-29 23:18:44 UTC 
Bumps done. icedtea-3.2.0 has been removed. amd64 and x86 teams, please stabilize icedtea-bin.
Comment 2 Agostino Sarubbo gentoo-dev 2017-01-30 13:10:41 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-01-31 11:45:43 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 James Le Cuirot gentoo-dev 2017-01-31 11:50:20 UTC 
(In reply to Agostino Sarubbo from comment #3)
> Maintainer(s), please cleanup.
> Security, please add it to the existing request, or file a new one.

Can't clean up until ppc64 is sorted out. We're working on it.
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-31 16:37:27 UTC 
New GLSA request filed.
Comment 6 James Le Cuirot gentoo-dev 2017-02-20 22:53:07 UTC 
This has now been keyworded for ppc64 so please stabilize that.
Comment 7 Michael Weber (RETIRED) gentoo-dev 2017-02-24 00:24:54 UTC 
ppc64 stable, last arch.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2017-02-24 00:48:38 UTC 
Arches and Maintainer(s). Thank you for your work.
Maintainer(s), please drop the vulnerable version(s).
Comment 9 James Le Cuirot gentoo-dev 2017-02-24 10:31:47 UTC 
Old removed.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2017-07-05 09:11:52 UTC 
This issue was resolved and addressed in
 GLSA 201707-01 at https://security.gentoo.org/glsa/201707-01
by GLSA coordinator Thomas Deutschmann (whissi).