CVE-2011-3561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
CVE-2011-3560 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
CVE-2011-3558 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.
CVE-2011-3557 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.
CVE-2011-3556 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.
CVE-2011-3555 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.
CVE-2011-3554 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2011-3553 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.
CVE-2011-3552 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.
CVE-2011-3551 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2011-3550 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
CVE-2011-3549 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
CVE-2011-3548 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
CVE-2011-3547 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
CVE-2011-3546 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.
CVE-2011-3545 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
CVE-2011-3544 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
CVE-2011-3521 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.
CVE-2011-3516 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516): Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVE-2011-3389 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389): The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
*** Bug 388055 has been marked as a duplicate of this bug. ***
oracle-jdk-bin and -jre-bin 1.7 bumped, slot is not yet stable
for sun-jdk:1.6 (and sun-jre-bin and app-emulation/emul-linux-x86-java) there are more changes needed as upstream changed packaging (and it'll be fetch restricted again :(
Please stabilize: dev-java/sun-jdk-1.6.0.29 dev-java/sun-jre-bin-1.6.0.29 (amd64 only) app-emulation/emul-linux-x86-java-1.6.0.29
x86 stable
For the glsa: note that icedtea6-bin has been renamed to icedtea-bin
amd64 done
This issue was resolved and addressed in GLSA 201111-02 at http://security.gentoo.org/glsa/glsa-201111-02.xml by GLSA coordinator Alex Legler (a3li).