I'm going to bump icedtea and icedtea-bin now. icedtea doesn't get marked stable so the vulnerable versions will be cleared immediately.
amd64 and x86 arch teams, please stabilise: dev-java/icedtea-bin-7.2.6.4
amd64 stable
x86 stable. Maintainer(s), please cleanup.
Thanks ago! Old removed. Security team, please continue.
Added to existing GLSA request.
None of these apply to Java: CVE-2015-{7575,8126,8472}
(In reply to Aaron Bauman from comment #6) > None of these apply to Java: > > CVE-2015-{7575,8126,8472} They were mentioned in gnu_andrew's blog post in contexts relating to Java. I'm not sure how CVE-2015-{8126,8472} applies as libpng is used but not bundled. Regarding CVE-2015-7575, it says "further reduce use of MD5" which is presumably an attempt to mitigate the issue.
Typo in the bug report title.
This issue was resolved and addressed in GLSA 201603-14 at https://security.gentoo.org/glsa/201603-14 by GLSA coordinator Kristian Fiskerstrand (K_F).