* CVE-2010-2783, RH616895: IcedTea ‘Extended JNLP Services’ arbitrary file access
* CVE-2010-2548, RH616893: IcedTea Incomplete property access check for unsigned applications

New ebuilds in java-overlay. New binaries needed.

Reproducible: Always
http://blog.fuseyism.com/index.php/2010/07/28/icedtea6-174-released/
http://blog.fuseyism.com/index.php/2010/07/28/icedtea6-181-released/
I've built new binaries for icedtea6-bin-1.8.1, please stabilize. I also removed the 1.7 series as 1.8 seems to work for users, so we don't need the 1.7.4 bump. The source version in main tree in dev-java/icedtea was also bumped, but since the package is not stable yet, there's nothing more to do.
Installs fine on x86. Rdep builds against this version. Please mark stable for x86.
x86 stable, thanks Myckel
amd64 done
There are some fixes in 1.7.4 that didn't make 1.8.1. I can understand you not wanting to maintain two binaries, but both ebuild streams in the overlay will be retained.
Rating B3 [ebuild?]. Vlastimil, please see Andrew's last comment.
(In reply to comment #8)
> Rating B3 [ebuild?].
>
> Vlastimil, please see Andrew's last comment.

He didn't mean security fixes but general bugfixes. 1.8.1 is thus fine.
To elaborate, 1.7.4 has:

* S6668231: Presence of a critical subjectAltName causes JSSE's SunX509 to fail trusted checks.
* S6963870: Eliminate NullPointerEx in swing class CompoundBorder method getBorderInsets.
* PR453, OJ100142: Fix policy evaluation to match the proprietary JDK.

and a number of javadoc fixes which didn't make 1.8.1. We could add these locally to the ebuild.
GLSA Vote: yes, perhaps with 340819.
Yes, added.
This issue was resolved and addressed in GLSA 201406-32 at http://security.gentoo.org/glsa/glsa-201406-32.xml by GLSA coordinator Mikle Kolyada (Zlogene).