Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 636522

Summary: <dev-java/icedtea,{-bin}-3.6.0: Multiple vulnerabilties
Product: Gentoo Security Reporter: James Le Cuirot <chewi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: java
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://blog.fuseyism.com/index.php/2017/11/02/security-icedtea-3-6-0-for-openjdk-8-released/
Whiteboard: A2 [glsa]
Package list:
=dev-java/icedtea-bin-3.6.0 amd64 ppc64 x86
 Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 636642    

Description James Le Cuirot gentoo-dev 2017-11-04 15:12:13 UTC 
Bumps coming soon. Unfortunately the ppc64(le) build systems are both down right now for reasons unknown.
Comment 1 James Le Cuirot gentoo-dev 2017-11-04 15:17:59 UTC 
Bumped. Arch teams, please stabilise.
Comment 2 Stabilization helper bot gentoo-dev 2017-11-04 16:00:43 UTC 
An automated check of this bug failed - the following atom is unknown:

dev-java/icedtea-bin-3.6.0

Please verify the atom list.
Comment 3 James Le Cuirot gentoo-dev 2017-11-04 17:53:25 UTC 
Gah, I always forget to push.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2017-11-05 21:30:18 UTC 
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-11-08 13:39:26 UTC 
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 6 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-08 14:18:06 UTC 
Thank you, new GLSA Request filed.
Comment 7 James Le Cuirot gentoo-dev 2017-11-08 14:26:09 UTC 
Not ready to clean up yet, I still need to generate the ppc64(le) builds. The build systems are being looked at but are not working yet.
Comment 8 James Le Cuirot gentoo-dev 2017-11-09 20:19:14 UTC 
ppc64(le) binaries are up. ppc64 team, please test both big and little endian if possible.
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2017-11-16 19:46:19 UTC 
ppc64 stable
Comment 10 Larry the Git Cow gentoo-dev 2017-11-16 21:06:46 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b56b9571ad8fecd670b88b6bfec3034d36a939b

commit 5b56b9571ad8fecd670b88b6bfec3034d36a939b
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2017-11-16 21:06:09 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2017-11-16 21:06:09 +0000

    dev-java/icedtea-bin: Remove vulnerable 3.5.1 wrt bug #636522
    
    Bug: https://bugs.gentoo.org/636522
    Package-Manager: Portage-2.3.14, Repoman-2.3.6

 dev-java/icedtea-bin/Manifest                 |  14 ---
 dev-java/icedtea-bin/icedtea-bin-3.5.1.ebuild | 160 --------------------------
 2 files changed, 174 deletions(-)}
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2017-11-19 20:37:38 UTC 
This issue was resolved and addressed in
 GLSA 201711-14 at https://security.gentoo.org/glsa/201711-14
by GLSA coordinator Christopher Diaz Riveros (chrisadr).