From the upstream notification at $URL:
IcedTea-Web 1.1.6 and 1.2.1 have now been released. In addition to bug fixes, they include 2 security fixes and it is therefore recommended that everyone upgrade to this release.
The security issues fixed are:
RH840592, CVE-2012-3422: Use of uninitialized instance pointers
RH841345, CVE-2012-3423: Incorrect handling of non 0-terminated strings
Added the following to tree:
=dev-java/icedtea-web-1.2.1
=dev-java/icedtea-web-1.2.1-r7
Thanks for the report.
PS: New icedtea-bin packages still need to be added.
(In reply to comment #1)
> Added the following to tree:
>
> =dev-java/icedtea-web-1.2.1
> =dev-java/icedtea-web-1.2.1-r7
>
> Thanks for the report.
>
> PS: New icedtea-bin packages still need to be added.

I've prepared everything for icedtea-bin and during tests I found icedtea-web-1.2.1 (and -r7) crashes my firefox immediately on the test applet http://www.java.com/en/download/testjava.jsp. Did it work for you sera?
Yes, works fine for me with Firefox 10.0.5 and icedtea-6.1.11.3 resp. icedtea-7.2.2.1.
Crashes on two boxes so far with firefox 14.0.1 and archlinux people reported this upstream already http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1106
So, I fixed icedtea-web with a patch whose idea upstream confirmed. Due to the security bug I've created icedtea-bin based on that. Please stabilize dev-java/icedtea-bin-6.1.11.3-r1 including test of the nsplugin.
amd64 stable
(In reply to comment #5)
> Please stabilize dev-java/icedtea-bin-6.1.11.3-r1 including test of the
> nsplugin.

x86 done
CVE-2012-3423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423): The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
CVE-2012-3422 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422): The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.
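The failure mode named in the CVE-2012-3423 description above, as an added example that is not IcedTea-Web's code or its actual fix: NPAPI's NPString carries a pointer and an explicit UTF8Length, so code that scans for a NUL instead of using that length reads past the value. `NPStringLike`, the sample buffer and the helper functions are hypothetical stand-ins constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for NPAPI's NPString: pointer plus explicit byte length.
   The bytes are not guaranteed to be followed by a NUL. */
typedef struct {
    const char *UTF8Characters;
    uint32_t    UTF8Length;
} NPStringLike;

/* Constructed sample: 11 string bytes directly followed by unrelated
   data. Only the literal's own final NUL ends the buffer, which keeps
   the flawed call below well-defined for demonstration. */
static const char sample_memory[] = "applet-name" "SECRET-ADJACENT";

NPStringLike sample_value(void)
{
    NPStringLike s = { sample_memory, 11 };
    return s;
}

/* Flawed pattern: ignores UTF8Length and scans for a NUL. */
size_t flawed_length(const NPStringLike *s)
{
    return strlen(s->UTF8Characters);
}

/* Hardened pattern (hypothetical helper): copy exactly UTF8Length bytes
   and terminate the copy. Returns NULL on bad input or allocation
   failure; the caller frees the result. */
char *npstring_to_cstr(const NPStringLike *s)
{
    if (s == NULL || (s->UTF8Characters == NULL && s->UTF8Length != 0))
        return NULL;
    size_t n = s->UTF8Length;
    if (n == SIZE_MAX)
        return NULL;                 /* n + 1 would wrap */
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    if (n != 0)
        memcpy(out, s->UTF8Characters, n);
    out[n] = '\0';
    return out;
}
```

With the constructed sample, the NUL scan reports 26 bytes for an 11-byte value, while the bounded copy yields only the declared bytes.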
Thanks, everyone. Added to existing GLSA request.
While the Sun test applet starts after a delay with 1.2.1-r8 and FF 14.0.1 (AMD) the applet on this page fails to start, also using bin-6 or bin-7.
http://toolserver.org/~ayacop/EditorApplet.html (it's the newest JChemPaint applet).
Start: Applet not initialized
Caused by: net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Unknown Main-Class. Could not determine the main class for this application.
    at net.sourceforge.jnlp.runtime.JNLPClassLoader.initializeResources(JNLPClassLoader.java:511)
    at net.sourceforge.jnlp.runtime.JNLPClassLoader.<init>(JNLPClassLoader.java:204)
The applet loads fine with sun-jre-bin, however.
(In reply to comment #10)
> While the Sun test applet starts after a delay with 1.2.1-r8 and FF 14.0.1
> (AMD) the applet on this page fails to start, also using bin-6 or bin-7.
>
> http://toolserver.org/~ayacop/EditorApplet.html
>

Works for me with icedtea-web 1.3, so removed vulnerable versions from tree.
I'm just going to close this since no one cares. These versions have long gone.