Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 691238

Summary: <dev-java/icedtea{,-bin}-3.13.0: multiple vulnerabilities
Product: Gentoo Security Reporter: Andrew John Hughes <gnu_andrew>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: java
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard: B3 [noglsa]
Package list:
dev-java/icedtea-bin-3.13.0
Runtime testing required: ---

Description Andrew John Hughes 2019-08-01 16:05:12 UTC
Security fixes [0]
  - S8191073: JpegImageReader throws IndexOutOfBoundsException when trying to read image data from tables-only image
  - S8208698, CVE-2019-2745: Improved ECC Implementation
  - S8212328, CVE-2019-2762: Exceptional throw cases
  - S8213431, CVE-2019-2766: Improve file protocol handling
  - S8213432, CVE-2019-2769: Better copies of CopiesList
  - S8216381, CVE-2019-2786: More limited privilege usage
  - S8217563: Improve realm maintenance
  - S8218863: Better endpoint checks
  - S8218873: Improve JSSE endpoint checking
  - S8218876, CVE-2019-7317: Improve PNG support options
  - S8219018: Adjust positions of glyphs
  - S8219020: Table alternate substitutions
  - S8219775: Certificate validation improvements
  - S8220192: Better outlook for SecureRandom
  - S8220517: Enhanced GIF support
  - S8221518, CVE-2019-2816: Normalize normalization
  - S8223511, CVE-2019-2842: Extended AES support

Updated IcedTea build is available in java-overlay and should be imported into the main tree.

Existing ebuilds for 3.10, 3.11 & 3.12 should all be removed.

[0] http://bitly.com/31300



Reproducible: Always
Comment 1 Georgy Yakovlev archtester gentoo-dev 2019-08-02 01:27:27 UTC
building binpkgs, source ebuild imported in the tree as of https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-java/icedtea/icedtea-3.13.0.ebuild?id=34df220e9f497978f40a1359756bbf3da1023115
Comment 2 Larry the Git Cow gentoo-dev 2019-08-15 19:10:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b9d2f309e17d0f26bc5a74e808065eb47568de01

commit b9d2f309e17d0f26bc5a74e808065eb47568de01
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2019-08-15 19:09:39 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2019-08-15 19:09:39 +0000

    dev-java/icedtea-bin: bump to 3.13.0
    
    arm amd64 and x86 for now, ppc64 and arm64 will follow
    
    Bug: https://bugs.gentoo.org/691238
    Package-Manager: Portage-2.3.71, Repoman-2.3.17
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/icedtea-bin/Manifest                  |   8 ++
 dev-java/icedtea-bin/icedtea-bin-3.13.0.ebuild | 161 +++++++++++++++++++++++++
 2 files changed, 169 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2019-08-16 02:54:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=188d6d0a392d0f6232ec2bfc9db1d3d6b8987eff

commit 188d6d0a392d0f6232ec2bfc9db1d3d6b8987eff
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2019-08-16 02:54:18 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2019-08-16 02:54:18 +0000

    dev-java/icedtea-bin: add arm64, ppc64 and ppc64le tarballs for 3.13.0
    
    Bug: https://bugs.gentoo.org/691238
    Package-Manager: Portage-2.3.71, Repoman-2.3.17
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/icedtea-bin/Manifest                  | 6 ++++++
 dev-java/icedtea-bin/icedtea-bin-3.13.0.ebuild | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
Comment 4 Georgy Yakovlev archtester gentoo-dev 2019-08-16 02:57:16 UTC
Arches, can you please stabilize dev-java/icedtea-bin-3.13.0
Comment 5 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-08-16 21:36:27 UTC
arm64 stable
Comment 6 Thomas Deutschmann gentoo-dev 2019-08-16 22:39:24 UTC
x86 stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2019-08-17 20:51:38 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-08-18 21:52:18 UTC
amd64 stable.

Maintainer(s), please cleanup.
Comment 9 Larry the Git Cow gentoo-dev 2019-08-19 04:37:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77d62e01ad0326205d332f2882462ff2a88b49b1

commit 77d62e01ad0326205d332f2882462ff2a88b49b1
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2019-08-19 04:34:27 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2019-08-19 04:36:43 +0000

    dev-java/icedtea: drop 3.12.0
    
    Bug: https://bugs.gentoo.org/691238
    Package-Manager: Portage-2.3.71, Repoman-2.3.17
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/icedtea/Manifest                  |  11 -
 dev-java/icedtea/files/generate-cacerts.pl | 358 ---------------------------
 dev-java/icedtea/icedtea-3.12.0.ebuild     | 385 -----------------------------
 3 files changed, 754 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=813f022765a20733f29ff69032035aae636c28a5

commit 813f022765a20733f29ff69032035aae636c28a5
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2019-08-19 04:32:34 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2019-08-19 04:36:42 +0000

    dev-java/icedtea: drop 3.11.0
    
    Bug: https://bugs.gentoo.org/691238
    Package-Manager: Portage-2.3.71, Repoman-2.3.17
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/icedtea/Manifest              |  11 -
 dev-java/icedtea/icedtea-3.11.0.ebuild | 385 ---------------------------------
 2 files changed, 396 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=285287222fa88edca30db979215f53d3682e6e89

commit 285287222fa88edca30db979215f53d3682e6e89
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2019-08-19 04:31:54 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2019-08-19 04:36:41 +0000

    dev-java/icedtea: drop 3.10.0
    
    Bug: https://bugs.gentoo.org/691238
    Package-Manager: Portage-2.3.71, Repoman-2.3.17
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/icedtea/Manifest              |  11 -
 dev-java/icedtea/icedtea-3.10.0.ebuild | 390 ---------------------------------
 dev-java/icedtea/metadata.xml          |   1 -
 3 files changed, 402 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=551357fa141e66a97966a9b412d23c722055908f

commit 551357fa141e66a97966a9b412d23c722055908f
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2019-08-19 04:29:42 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2019-08-19 04:36:41 +0000

    dev-java/icedtea-bin: drop 3.12.0-r1
    
    Bug: https://bugs.gentoo.org/691238
    Package-Manager: Portage-2.3.71, Repoman-2.3.17
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/icedtea-bin/Manifest                     |  14 --
 dev-java/icedtea-bin/icedtea-bin-3.12.0-r1.ebuild | 165 ----------------------
 2 files changed, 179 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68f6997f62bddbd57c0a181ffb2b4631933e4cf4

commit 68f6997f62bddbd57c0a181ffb2b4631933e4cf4
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2019-08-19 04:27:23 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2019-08-19 04:36:40 +0000

    dev-java/icedtea-bin: drop 3.10.0-r2
    
    Bug: https://bugs.gentoo.org/691238
    Package-Manager: Portage-2.3.71, Repoman-2.3.17
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/icedtea-bin/Manifest                     |  14 --
 dev-java/icedtea-bin/icedtea-bin-3.10.0-r2.ebuild | 160 ----------------------
 2 files changed, 174 deletions(-)
Comment 10 Georgy Yakovlev archtester gentoo-dev 2019-08-19 04:37:55 UTC
cleaned up!