Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 360431 - <dev-java/ibm-{jre,jdk}-bin-{1.5.0.12_p4,1.6.0.9_p1}: Multiple vulnerabilities including Double.parseDouble Denial-Of-Service (CVE-2010-4476)
Summary: <dev-java/ibm-{jre,jdk}-bin-{1.5.0.12_p4,1.6.0.9_p1}: Multiple vulnerabilitie...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: https://www.ibm.com/developerworks/ja...
Whiteboard: B? [glsa]
Keywords:
: 355729 (view as bug list)
Depends on: 352603 CVE-2010-4476
Blocks: java-security
  Show dependency tree
 
Reported: 2011-03-25 15:05 UTC by Vlastimil Babka (Caster) (RETIRED)
Modified: 2016-03-05 11:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-03-25 15:05:03 UTC
There are new ibm jdk versions fixing CVE-2010-4476 (and probably other security bugs too).
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-03-25 15:10:56 UTC
*** Bug 355729 has been marked as a duplicate of this bug. ***
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-03-25 16:31:45 UTC
Please stabilize:
dev-java/ibm-jdk-bin-1.5.0.12_p4
dev-java/ibm-jre-bin-1.5.0.12_p4

dev-java/ibm-jdk-bin-1.6.0.9_p1
dev-java/ibm-jre-bin-1.6.0.9_p1

distfiles as usual (ssh d.g.o:~caster/tmp)
Comment 3 Andreas Schürch gentoo-dev 2011-03-25 21:03:22 UTC
Tested on x86, looks good here.
Comment 4 Christoph Mende (RETIRED) gentoo-dev 2011-03-26 07:02:37 UTC
amd64 stable
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2011-03-26 09:41:38 UTC
x86 stable, thanks Andreas
Comment 6 Brent Baude (RETIRED) gentoo-dev 2011-03-26 14:13:04 UTC
ppc and ppc64 done
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2011-03-26 14:53:00 UTC
Thanks, folks. Added to existing GLSA request.
Comment 8 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-03-05 11:46:39 UTC
Last vulnerable package dropped on 3 Aug 2011 per [0]

  03 Aug 2011; Vlastimil Babka <caster@gentoo.org>
+  -ibm-jre-bin-1.5.0.12_p3.ebuild, +ibm-jre-bin-1.5.0.12_p5.ebuild,
+  -ibm-jre-bin-1.6.0.9.ebuild, +ibm-jre-bin-1.6.0.9_p2.ebuild:
+  Version bump, security bug #377623.


[0]: https://gitweb.gentoo.org/data/gentoo-changelogs.git/diff/dev-java/ibm-jre-bin/ChangeLog-2015?id=24fda3d26454a64df85305138f44cae40c7b9678