18.104.22.168 was released which fixes security bugs
+ 20 Jul 2013; Tom Wijsman <TomWij@gentoo.org> +icedtea-22.214.171.124.ebuild:
+ Version bump to 126.96.36.199, I plan to do the 188.8.131.52 bump tomorrow; fixes bug
+ #477210, reported by wbrana. Removed zero hotspot tarball fetch due to
Thank you for reporting.
CVE-2013-1500 CVE-2013-1571 CVE-2013-2412 CVE-2013-2407 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473
As far as I can tell these were all also Oracle Java bugs too. The CVEs have a constant refrain of affecting confidentiality, integrity, and availablility, so calling this a B3 - denial of service.
@maintainers: ack 184.108.40.206 stable, please. We'll leave 7 since it's only in ~ right now.
(In reply to Chris Reffett from comment #2)
> @maintainers: ack 220.127.116.11 stable, please. We'll leave 7 since it's only in
> ~ right now.
Not yet. Stable applies only to icedtea-bin:6 and I'm yet building that.
Please stabilize dev-java/icedtea-bin-18.104.22.168
GLSA vote: yes.
GLSA vote: yes
Added to existing GLSA draft
I'm just going to close this since no one cares. These versions have long gone.