Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 607676

Summary: <dev-java/icedtea{,-bin}-3.3.0: Multiple vulnerabilties (CVE-2016-{2183,5546,5547,5548,5549,5552}, CVE-2017-{3231,3241,3252,3253,3260,3261,3272,3289})
Product: Gentoo Security Reporter: James Le Cuirot <chewi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: java
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://blog.fuseyism.com/index.php/2017/01/28/security-icedtea-3-3-0-for-openjdk-8-released/
Whiteboard: A2 [glsa cve]
Package list:
=dev-java/icedtea-bin-3.3.0 amd64 ppc64 x86
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 605430    

Description James Le Cuirot gentoo-dev 2017-01-29 23:09:48 UTC
Bump coming imminently. Unfortunately the ppc64 dev box (timberdoodle) has died so I am unable to build for that arch right now. I may attempt to set up the replacement this week. Otherwise I'm not sure what we can do without breaking the tree. Let's at least get the other arches stable to deal with bug #605430.
Comment 1 James Le Cuirot gentoo-dev 2017-01-29 23:18:44 UTC
Bumps done. icedtea-3.2.0 has been removed. amd64 and x86 teams, please stabilize icedtea-bin.
Comment 2 Agostino Sarubbo gentoo-dev 2017-01-30 13:10:41 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-01-31 11:45:43 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 James Le Cuirot gentoo-dev 2017-01-31 11:50:20 UTC
(In reply to Agostino Sarubbo from comment #3)
> Maintainer(s), please cleanup.
> Security, please add it to the existing request, or file a new one.

Can't clean up until ppc64 is sorted out. We're working on it.
Comment 5 Thomas Deutschmann gentoo-dev 2017-01-31 16:37:27 UTC
New GLSA request filed.
Comment 6 James Le Cuirot gentoo-dev 2017-02-20 22:53:07 UTC
This has now been keyworded for ppc64 so please stabilize that.
Comment 7 Michael Weber (RETIRED) gentoo-dev 2017-02-24 00:24:54 UTC
ppc64 stable, last arch.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2017-02-24 00:48:38 UTC
Arches and Maintainer(s). Thank you for your work.
Maintainer(s), please drop the vulnerable version(s).
Comment 9 James Le Cuirot gentoo-dev 2017-02-24 10:31:47 UTC
Old removed.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2017-07-05 09:11:52 UTC
This issue was resolved and addressed in
 GLSA 201707-01 at https://security.gentoo.org/glsa/201707-01
by GLSA coordinator Thomas Deutschmann (whissi).