Bug 458410 (CVE-2013-1486) - <dev-java/icedtea-{bin}-{6.1.12.4,7.2.3.8}: Multiple vulnerabilities (CVE-2013-{0169,1484,1485,1486})
Summary: <dev-java/icedtea-{bin}-{6.1.12.4,7.2.3.8}: Multiple vulnerabilities (CVE-201...
Status: RESOLVED FIXED
Alias: CVE-2013-1486
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://blog.fuseyism.com/index.php/20...
Whiteboard: B2 [glsa]
Keywords:
Duplicates: 458620
Depends on:
Blocks:
 
Reported: 2013-02-20 06:47 UTC by Ralph Sennhauser (RETIRED)
Modified: 2015-05-10 21:56 UTC (History)

Description Ralph Sennhauser (RETIRED) gentoo-dev 2013-02-20 06:47:38 UTC
As subject says. See URL.
Comment 1 Ralph Sennhauser (RETIRED) gentoo-dev 2013-02-20 09:09:34 UTC
Now in tree:

=dev-java/icedtea-6.1.12.3
Comment 2 Sean Amoss gentoo-dev Security 2013-02-23 19:14:02 UTC
*** Bug 458620 has been marked as a duplicate of this bug. ***
Comment 3 jeremiah 2013-02-25 14:29:12 UTC
#458620 has been marked the duplicate of this bug (#458410), but the naming is misleading.
Since '620 will be solved here, the name of '410 should be changed to something like (no quotes):
"<dev-java/icedtea-{bin}-6.1.12.3:6, <dev-java/icedtea-{bin}-7.2.3.7:7 : Multiple Vulnerabilities (CVE-2013-{0169,1484,1485,1486})"

Yes, it's petty, but I'm kinda OCD with computer-related things.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-03-04 21:57:07 UTC
CVE-2013-1486 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0
  Update 39 and earlier allows remote attackers to affect confidentiality,
  integrity, and availability via vectors related to JMX.

CVE-2013-1485 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect
  integrity via unknown vectors related to Libraries.

CVE-2013-1484 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484):
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in
  Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect
  confidentiality, integrity, and availability via unknown vectors related to
  Libraries.

CVE-2013-0169 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169):
  The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in
  OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider
  timing side-channel attacks on a MAC check requirement during the processing
  of malformed CBC padding, which allows remote attackers to conduct
  distinguishing attacks and plaintext-recovery attacks via statistical
  analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Comment 5 Sean Amoss gentoo-dev Security 2013-04-20 11:46:57 UTC
Added to existing GLSA draft.
Comment 6 James Le Cuirot gentoo-dev 2015-05-10 21:56:48 UTC
I'm just going to close this since no one cares. These versions have long gone.