Bug 360431 - <dev-java/ibm-{jre,jdk}-bin-{1.5.0.12_p4,1.6.0.9_p1}: Multiple vulnerabilities including Double.parseDouble Denial-Of-Service (CVE-2010-4476)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: https://www.ibm.com/developerworks/ja...
Whiteboard: B? [glsa]
Keywords:
Duplicates: 355729
Depends on: 352603 CVE-2010-4476
Blocks: java-security
Reported: 2011-03-25 15:05 UTC by Vlastimil Babka (Caster) (RETIRED)
Modified: 2016-03-05 11:46 UTC (History)

Description Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-03-25 15:05:03 UTC
There are new ibm jdk versions fixing CVE-2010-4476 (and probably other security bugs too).
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-03-25 15:10:56 UTC
*** Bug 355729 has been marked as a duplicate of this bug. ***
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-03-25 16:31:45 UTC
Please stabilize:
dev-java/ibm-jdk-bin-1.5.0.12_p4
dev-java/ibm-jre-bin-1.5.0.12_p4

dev-java/ibm-jdk-bin-1.6.0.9_p1
dev-java/ibm-jre-bin-1.6.0.9_p1

distfiles as usual (ssh d.g.o:~caster/tmp)
Comment 3 Andreas Schürch gentoo-dev 2011-03-25 21:03:22 UTC
Tested on x86, looks good here.
Comment 4 Christoph Mende (RETIRED) gentoo-dev 2011-03-26 07:02:37 UTC
amd64 stable
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2011-03-26 09:41:38 UTC
x86 stable, thanks Andreas
Comment 6 Brent Baude (RETIRED) gentoo-dev 2011-03-26 14:13:04 UTC
ppc and ppc64 done
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2011-03-26 14:53:00 UTC
Thanks, folks. Added to existing GLSA request.
Comment 8 Aaron Bauman (RETIRED) gentoo-dev 2016-03-05 11:46:39 UTC
Last vulnerable package dropped on 3 Aug 2011 per [0]

  03 Aug 2011; Vlastimil Babka <caster@gentoo.org>
+  -ibm-jre-bin-1.5.0.12_p3.ebuild, +ibm-jre-bin-1.5.0.12_p5.ebuild,
+  -ibm-jre-bin-1.6.0.9.ebuild, +ibm-jre-bin-1.6.0.9_p2.ebuild:
+  Version bump, security bug #377623.
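Review bot: the quoted entry covers only ibm-jre-bin (the -ibm-jre-bin-1.5.0.12_p3.ebuild and -ibm-jre-bin-1.6.0.9.ebuild removals), while this bug also tracks ibm-jdk-bin; cite the matching ibm-jdk-bin ChangeLog entry as well so the removal of the last vulnerable version is documented for both packages. The entry also references security bug #377623 rather than this bug, which is worth stating explicitly when it is used as the closing evidence here.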


[0]: https://gitweb.gentoo.org/data/gentoo-changelogs.git/diff/dev-java/ibm-jre-bin/ChangeLog-2015?id=24fda3d26454a64df85305138f44cae40c7b9678