
Bug 609562

Summary: <dev-java/icedtea{,-bin}-7.2.6.9: multiple vulnerabilities
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: java
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://blog.fuseyism.com/index.php/2017/02/14/security-icedtea-2-6-9-for-openjdk-7-released/
Whiteboard: A2 [glsa cve]
Package list:
=dev-java/icedtea-bin-7.2.6.9 amd64 x86
Runtime testing required: ---
Bug Depends on: 605430    
Bug Blocks:    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-16 19:26:33 UTC
From $URL:

New in release 2.6.9 (2017-02-14)

    Security fixes
        S8138725: Add options for Javadoc generation
        S8140353: Improve signature checking
        S8151934, CVE-2017-3231: Resolve class resolution
        S8156804, CVE-2017-3241: Better constraint checking
        S8158406: Limited Parameter Processing
        S8158997: JNDI Protocols Switch
        S8159507: RuntimeVisibleAnnotation validation
        S8161218: Better bytecode loading
        S8161743, CVE-2017-3252: Provide proper login context
        S8162577: Standardize logging levels
        S8162973: Better component components
        S8164143, CVE-2017-3260: Improve components for menu items
        S8164147, CVE-2017-3261: Improve streaming socket output
        S8165071, CVE-2016-2183: Expand TLS support
        S8165344, CVE-2017-3272: Update concurrency support
        S8166988, CVE-2017-3253: Improve image processing performance
        S8167104, CVE-2017-3289: Additional class construction refinements
        S8167223, CVE-2016-5552: URL handling improvements
        S8168705, CVE-2016-5547: Better ObjectIdentifier validation
        S8168714, CVE-2016-5546: Tighten ECDSA validation
        S8168728, CVE-2016-5548: DSA signing improvements
        S8168724, CVE-2016-5549: ECDSA signing improvements
Comment 1 James Le Cuirot gentoo-dev 2017-03-01 22:31:08 UTC
I need to figure out bug #605430 before I can build the -bin packages. This is high priority so watch this space.
Comment 2 James Le Cuirot gentoo-dev 2017-03-07 22:01:24 UTC
Bumps done. Sorry for the wait. icedtea-7.2.6.8 has been removed. amd64 and x86 teams, please stabilize icedtea-bin.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2017-03-07 22:53:48 UTC
Added to an existing GLSA.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2017-03-19 20:56:10 UTC
x86 stable
Comment 5 James Le Cuirot gentoo-dev 2017-05-23 15:12:13 UTC
amd64 team, you were too slow. 7.2.6.9 is vulnerable and I'm about to commit the next version.
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-03 10:22:54 UTC
Cleanup will happen via bug 619458.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2017-07-05 09:12:01 UTC
This issue was resolved and addressed in
 GLSA 201707-01 at https://security.gentoo.org/glsa/201707-01
by GLSA coordinator Thomas Deutschmann (whissi).