7.2.4.1 was released which fixes security bugs http://blog.fuseyism.com/index.php/2013/07/08/security-icedtea-2-4-1-for-openjdk-7-released/
+ 20 Jul 2013; Tom Wijsman <TomWij@gentoo.org> +icedtea-7.2.4.1.ebuild: + Version bump to 7.2.4.1, I plan to do the 6.1.12.6 bump tomorrow; fixes bug + #477210, reported by wbrana. Removed zero hotspot tarball fetch due to + http://icedtea.classpath.org/hg/release/icedtea7-2.4/rev/08d655f1631e Thank you for reporting.
CVE list: CVE-2013-1500 CVE-2013-1571 CVE-2013-2412 CVE-2013-2407 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 As far as I can tell these were all also Oracle Java bugs too. The CVEs have a constant refrain of affecting confidentiality, integrity, and availablility, so calling this a B3 - denial of service. @maintainers: ack 6.1.12.6 stable, please. We'll leave 7 since it's only in ~ right now.
(In reply to Chris Reffett from comment #2) > @maintainers: ack 6.1.12.6 stable, please. We'll leave 7 since it's only in > ~ right now. Not yet. Stable applies only to icedtea-bin:6 and I'm yet building that.
Please stabilize dev-java/icedtea-bin-6.1.12.6
amd64 stable
x86 stable
GLSA vote: yes.
GLSA vote: yes Added to existing GLSA draft
I'm just going to close this since no one cares. These versions have long gone.