Bug 508270 - <dev-java/icedtea-bin-{6.1.13.3,7.2.4.7}: multiple vulnerabilities (CVE-2013-{6629,6954},CVE-2014-{0429,0446,0451,0452,0453,0456,0457,0458,0459,0460,0461,1876,2397,2403,2412,2414,2421,2423,2427,2398})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://blog.fuseyism.com/index.php/20...
Whiteboard: B2 [glsa]
Blocks: 499464 524560
Reported: 2014-04-20 19:37 UTC by Agostino Sarubbo
Modified: 2015-05-10 22:32 UTC
Description Agostino Sarubbo gentoo-dev 2014-04-20 19:37:08 UTC
From $URL:

Security fixes
S8023046: Enhance splashscreen support
S8025005: Enhance CORBA initializations
S8025010, CVE-2014-2412: Enhance AWT contexts
S8025030, CVE-2014-2414: Enhance stream handling
S8025152, CVE-2014-0458: Enhance activation set up
S8026067: Enhance signed jar verification
S8026163, CVE-2014-2427: Enhance media provisioning
S8026188, CVE-2014-2423: Enhance envelope factory
S8026200: Enhance RowSet Factory
S8026736, CVE-2014-2398: Enhance Javadoc pages
S8026797, CVE-2014-0451: Enhance data transfers
S8026801, CVE-2014-0452: Enhance endpoint addressing
S8027766, CVE-2014-0453: Enhance RSA processing
S8027775: Enhance ICU code.
S8027841, CVE-2014-0429: Enhance pixel manipulations
S8028385: Enhance RowSet Factory
S8029282, CVE-2014-2403: Enhance CharInfo set up
S8029286: Enhance subject delegation
S8029699: Update Poller demo
S8029730: Improve audio device additions
S8029735: Enhance service mgmt natives
S8029740, CVE-2014-0446: Enhance handling of loggers
S8029750: Enhance LCMS color processing (LCMS 2 only)
S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg)
S8029854, CVE-2014-2421: Enhance JPEG decodings
S8029858, CVE-2014-0456: Enhance array copies
S8030731, CVE-2014-0460: Improve name service robustness
S8031330: Refactor ObjectFactory
S8031335, CVE-2014-0459: Better color profiling (LCMS 2 only)
S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng)
S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader
S8031395: Enhance LDAP processing
S8033618, CVE-2014-1876: Correct logging output
S8034926, CVE-2014-2397: Attribute classes properly
S8036794, CVE-2014-0461: Manage JavaScript instances

Please make the binary.
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2014-05-31 21:07:17 UTC
Please stabilize icedtea-bin-6.1.13.3
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2014-06-02 22:30:29 UTC
dev-java/icedtea-bin-7.2.4.7 also bumped (not stable)
Comment 3 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2014-06-03 06:35:41 UTC
(In reply to Vlastimil Babka (Caster) from comment #1)
> Please stabilize icedtea-bin-6.1.13.3

Alternatively, stabilize directly the -r1 together with icedtea-web in bug 501472
Comment 4 Agostino Sarubbo gentoo-dev 2014-06-08 09:46:28 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2014-06-08 09:46:35 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2014-06-17 18:08:12 UTC
Arches, Thank you for your work
Maintainer(s), please drop the vulnerable version.

Added to existing GLSA Request
Comment 7 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2014-06-29 13:52:33 UTC
+  29 Jun 2014; Tom Wijsman <TomWij@gentoo.org> -icedtea-bin-6.1.12.7.ebuild,
+  -icedtea-bin-7.2.4.3.ebuild:
+  Cleanup for security bug #508270.
Comment 8 James Le Cuirot gentoo-dev 2015-05-10 22:32:57 UTC
I'm just going to close this since no one cares. These versions have long gone.