Bug 609562 - <dev-java/icedtea{,-bin}-7.2.6.9: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://blog.fuseyism.com/index.php/20...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on: 605430
Blocks:
Reported: 2017-02-16 19:26 UTC by Thomas Deutschmann
Modified: 2017-07-05 09:12 UTC

See Also:
Package list:
=dev-java/icedtea-bin-7.2.6.9 amd64 x86
Runtime testing required: ---
stable-bot: sanity-check+


Description Thomas Deutschmann gentoo-dev Security 2017-02-16 19:26:33 UTC
From $URL:

New in release 2.6.9 (2017-02-14)

    Security fixes
        S8138725: Add options for Javadoc generation
        S8140353: Improve signature checking
        S8151934, CVE-2017-3231: Resolve class resolution
        S8156804, CVE-2017-3241: Better constraint checking
        S8158406: Limited Parameter Processing
        S8158997: JNDI Protocols Switch
        S8159507: RuntimeVisibleAnnotation validation
        S8161218: Better bytecode loading
        S8161743, CVE-2017-3252: Provide proper login context
        S8162577: Standardize logging levels
        S8162973: Better component components
        S8164143, CVE-2017-3260: Improve components for menu items
        S8164147, CVE-2017-3261: Improve streaming socket output
        S8165071, CVE-2016-2183: Expand TLS support
        S8165344, CVE-2017-3272: Update concurrency support
        S8166988, CVE-2017-3253: Improve image processing performance
        S8167104, CVE-2017-3289: Additional class construction refinements
        S8167223, CVE-2016-5552: URL handling improvements
        S8168705, CVE-2016-5547: Better ObjectIdentifier validation
        S8168714, CVE-2016-5546: Tighten ECDSA validation
        S8168728, CVE-2016-5548: DSA signing improvements
        S8168724, CVE-2016-5549: ECDSA signing improvements
Comment 1 James Le Cuirot gentoo-dev 2017-03-01 22:31:08 UTC
I need to figure out bug #605430 before I can build the -bin packages. This is high priority so watch this space.
Comment 2 James Le Cuirot gentoo-dev 2017-03-07 22:01:24 UTC
Bumps done. Sorry for the wait. icedtea-7.2.6.8 has been removed. amd64 and x86 teams, please stabilize icedtea-bin.
Comment 3 Thomas Deutschmann gentoo-dev Security 2017-03-07 22:53:48 UTC
Added to an existing GLSA.
Comment 4 Thomas Deutschmann gentoo-dev Security 2017-03-19 20:56:10 UTC
x86 stable
Comment 5 James Le Cuirot gentoo-dev 2017-05-23 15:12:13 UTC
amd64 team, you were too slow. 7.2.6.9 is vulnerable and I'm about to commit the next version.
Comment 6 Thomas Deutschmann gentoo-dev Security 2017-06-03 10:22:54 UTC
Cleanup will happen via bug 619458.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2017-07-05 09:12:01 UTC
This issue was resolved and addressed in GLSA 201707-01 at https://security.gentoo.org/glsa/201707-01 by GLSA coordinator Thomas Deutschmann (whissi).