607676 – <dev-java/icedtea{,-bin}-3.3.0: Multiple vulnerabilties (CVE-2016-{2183,5546,5547,5548,5549,5552}, CVE-2017-{3231,3241,3252,3253,3260,3261,3272,3289})

Bug 607676 - <dev-java/icedtea{,-bin}-3.3.0: Multiple vulnerabilties (CVE-2016-{2183,5546,5547,5548,5549,5552}, CVE-2017-{3231,3241,3252,3253,3260,3261,3272,3289})

Summary: <dev-java/icedtea{,-bin}-3.3.0: Multiple vulnerabilties (CVE-2016-{2183,5546,...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:	http://blog.fuseyism.com/index.php/20...
Whiteboard:	A2 [glsa cve]
Keywords:

Depends on:
Blocks:	605430
	Show dependency tree

Reported:	2017-01-29 23:09 UTC by James Le Cuirot
Modified:	2017-07-05 09:11 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	=dev-java/icedtea-bin-3.3.0 amd64 ppc64 x86
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description James Le Cuirot gentoo-dev

2017-01-29 23:09:48 UTC

Bump coming imminently. Unfortunately the ppc64 dev box (timberdoodle) has died so I am unable to build for that arch right now. I may attempt to set up the replacement this week. Otherwise I'm not sure what we can do without breaking the tree. Let's at least get the other arches stable to deal with bug #605430.

Comment 1 James Le Cuirot gentoo-dev

2017-01-29 23:18:44 UTC

Bumps done. icedtea-3.2.0 has been removed. amd64 and x86 teams, please stabilize icedtea-bin.

Comment 2 Agostino Sarubbo gentoo-dev

2017-01-30 13:10:41 UTC

amd64 stable

Comment 3 Agostino Sarubbo gentoo-dev

2017-01-31 11:45:43 UTC

x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 4 James Le Cuirot gentoo-dev

2017-01-31 11:50:20 UTC

(In reply to Agostino Sarubbo from comment #3)
> Maintainer(s), please cleanup.
> Security, please add it to the existing request, or file a new one.

Can't clean up until ppc64 is sorted out. We're working on it.

Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev

2017-01-31 16:37:27 UTC

New GLSA request filed.

Comment 6 James Le Cuirot gentoo-dev

2017-02-20 22:53:07 UTC

This has now been keyworded for ppc64 so please stabilize that.

Comment 7 Michael Weber (RETIRED) gentoo-dev

2017-02-24 00:24:54 UTC

ppc64 stable, last arch.

Comment 8 Yury German Gentoo Infrastructure

2017-02-24 00:48:38 UTC

Arches and Maintainer(s). Thank you for your work.
Maintainer(s), please drop the vulnerable version(s).

Comment 9 James Le Cuirot gentoo-dev

2017-02-24 10:31:47 UTC

Old removed.

Comment 10 GLSAMaker/CVETool Bot gentoo-dev

2017-07-05 09:11:52 UTC

This issue was resolved and addressed in
 GLSA 201707-01 at https://security.gentoo.org/glsa/201707-01
by GLSA coordinator Thomas Deutschmann (whissi).