Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 685480

Summary: <dev-java/icedtea{,-bin}: 3.12.0: Multiple vulnerabilties
Product: Gentoo Security Reporter: Andrew John Hughes <gnu_andrew>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: java
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://bitly.com/it31200
Whiteboard: ~2 [noglsa]
Package list:
dev-java/icedtea-bin-3.12.0-r1 amd64 arm64 ppc64 x86 sys-apps/baselayout-java-0.1.0-r1 amd64 ppc64 x86
 Runtime testing required: ---

Description Andrew John Hughes 2019-05-09 19:44:26 UTC 
http://bitly.com/it31100
http://bitly.com/it31200

Updated IcedTea ebuild is in java-overlay.

Reproducible: Always
Comment 1 Georgy Yakovlev archtester gentoo-dev 2019-05-10 03:34:13 UTC 
icedtea-3.12.0 imported to ::gentoo

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68b92d20df5ba65b88315695c6c17af4e4eab0a9


building icedtea-bin now, might take a while for minor arches, but I'll try uploading x86 and amd64 within couple of hours.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-05-10 03:49:30 UTC 
Please let us know once the tree is clean of vulnerable ebuilds.
Comment 3 Larry the Git Cow gentoo-dev 2019-05-10 05:31:27 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ae7e3e56c75f90b80655c22359195db193cbddc

commit 8ae7e3e56c75f90b80655c22359195db193cbddc
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2019-05-10 05:30:40 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2019-05-10 05:30:40 +0000

    dev-java/icedtea-bin: bump to 3.12.0, x86 and amd64 only
    
    Other arches will follow.
    
    Bug: https://bugs.gentoo.org/685480
    Package-Manager: Portage-2.3.66, Repoman-2.3.12
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/icedtea-bin/Manifest                  |   6 +
 dev-java/icedtea-bin/icedtea-bin-3.12.0.ebuild | 161 +++++++++++++++++++++++++
 2 files changed, 167 insertions(+)
Comment 4 Georgy Yakovlev archtester gentoo-dev 2019-05-10 19:51:38 UTC 
re-added ppc64 be and le
arm and arm64 will follow a bit later, takes a while to build =)

after I add all tarballs I'll request faststable.
Comment 5 Georgy Yakovlev archtester gentoo-dev 2019-06-01 22:47:08 UTC 
arches please stabilize

there is no arm build for 3.12 as of now, please don't drop 3.10 yet, I'll drop it after I build 3.12 binpkg.
Comment 6 Georgy Yakovlev archtester gentoo-dev 2019-06-20 19:04:17 UTC 
I missed adding arches to CC, fixing.
Comment 7 Agostino Sarubbo gentoo-dev 2019-06-21 08:03:28 UTC 
amd64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-06-21 11:08:09 UTC 
x86 stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2019-06-22 10:33:51 UTC 
ppc64 stable
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2019-07-22 02:52:19 UTC 
arm64 stable
Comment 11 Georgy Yakovlev archtester gentoo-dev 2019-08-19 04:38:43 UTC 
vulnerable versions cleaned up. this is obsolete in favor for https://bugs.gentoo.org/691238
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-28 06:20:52 UTC 
Tree is clean.