http://www.oracle.com/technetwork/java/javase/7u13-relnotes-1902884.html Many security fixes are included in this release.
Version bumps are now in tree. The following need to be stabilized on amd64: =app-emulation/emul-linux-x86-java-1.6.0.39 =dev-java/sun-jdk-1.6.0.39 =dev-java/sun-jre-bin-1.6.0.39 The following need to be stabilized on x86: =dev-java/sun-jdk-1.6.0.39 =dev-java/sun-jre-bin-1.6.0.39 =dev-java/oracle-jdk-bin-1.7.0.13 =dev-java/oracle-jre-bin-1.7.0.13
amd64 stable
x86 stable
Adding bug to existing GLSA draft. Adding CVEs to bug at a later time.
CVE-2013-1481 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. CVE-2013-1479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. CVE-2013-1473 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment. CVE-2013-0449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. CVE-2013-0448 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2013-0446 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. CVE-2013-0445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. CVE-2013-0438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. CVE-2013-0437 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2013-0430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client. CVE-2013-0423 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. CVE-2013-0419 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. CVE-2013-0409 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX. CVE-2013-0351 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. CVE-2012-3342 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. CVE-2012-3213 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. CVE-2012-1541 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
This issue was resolved and addressed in GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml by GLSA coordinator Sean Amoss (ackle).