Version bumps are now in tree.
The following need to be stabilized on amd64:
The following need to be stabilized on x86:
*** Bug 460470 has been marked as a duplicate of this bug. ***
The color management (CMM) functionality in the 2D component in Oracle Java
SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and
earlier allows remote attackers to execute arbitrary code or cause a denial
of service (crash) via an image with crafted raster parameters, which
triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as
exploited in the wild in February 2013.
Unspecified vulnerability in the 2D component in the Java Runtime
Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6
Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers
to execute arbitrary code via unknown vectors, a different vulnerability
This issue was resolved and addressed in
GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml
by GLSA coordinator Sean Amoss (ackle).