IcedTea 6: http://blog.fuseyism.com/index.php/2013/03/12/security-icedtea-1-11-9-1-12-4-for-openjdk-6-released/ IcedTea 7: http://blog.fuseyism.com/index.php/2013/03/12/security-icedtea-2-1-7-2-2-7-2-3-8-for-openjdk-7-released/
The following are now in tree: =dev-java/icedtea-6.1.12.4 =dev-java/icedtea-7.2.3.8 Bumps for older branches can be found in java-overlay. Thanks goes to Andrew John Hughes.
(In reply to comment #1) > The following are now in tree: > > =dev-java/icedtea-6.1.12.4 > =dev-java/icedtea-7.2.3.8 > > Bumps for older branches can be found in java-overlay. Thanks goes to Andrew > John Hughes. Why there isn't in tree a fixed version for dev-java/icedtea-bin ?
CVE-2013-1493 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493): The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. CVE-2013-0809 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809): Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
(In reply to comment #2) > Why there isn't in tree a fixed version for dev-java/icedtea-bin ? Because I slack! But now there are. Please stabilize =dev-java/icedtea-bin-6.1.12.4
x86 stable
amd64 stable
Added to existing GLSA draft.
I'm just going to close this since no one cares. These versions have long gone.
