636522 – <dev-java/icedtea,{-bin}-3.6.0: Multiple vulnerabilties

Bug 636522 - <dev-java/icedtea,{-bin}-3.6.0: Multiple vulnerabilties

Summary: <dev-java/icedtea,{-bin}-3.6.0: Multiple vulnerabilties

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:	http://blog.fuseyism.com/index.php/20...
Whiteboard:	A2 [glsa]
Keywords:

Depends on:
Blocks:	636642
	Show dependency tree

Reported:	2017-11-04 15:12 UTC by James Le Cuirot
Modified:	2017-11-19 20:37 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	=dev-java/icedtea-bin-3.6.0 amd64 ppc64 x86
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description James Le Cuirot gentoo-dev

2017-11-04 15:12:13 UTC

Bumps coming soon. Unfortunately the ppc64(le) build systems are both down right now for reasons unknown.

Comment 1 James Le Cuirot gentoo-dev

2017-11-04 15:17:59 UTC

Bumped. Arch teams, please stabilise.

Comment 2 Stabilization helper bot gentoo-dev

2017-11-04 16:00:43 UTC

An automated check of this bug failed - the following atom is unknown:

dev-java/icedtea-bin-3.6.0

Please verify the atom list.

Comment 3 James Le Cuirot gentoo-dev

2017-11-04 17:53:25 UTC

Gah, I always forget to push.

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2017-11-05 21:30:18 UTC

x86 stable

Comment 5 Agostino Sarubbo gentoo-dev

2017-11-08 13:39:26 UTC

amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 6 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-11-08 14:18:06 UTC

Thank you, new GLSA Request filed.

Comment 7 James Le Cuirot gentoo-dev

2017-11-08 14:26:09 UTC

Not ready to clean up yet, I still need to generate the ppc64(le) builds. The build systems are being looked at but are not working yet.

Comment 8 James Le Cuirot gentoo-dev

2017-11-09 20:19:14 UTC

ppc64(le) binaries are up. ppc64 team, please test both big and little endian if possible.

Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev

2017-11-16 19:46:19 UTC

ppc64 stable

Comment 10 Larry the Git Cow gentoo-dev

2017-11-16 21:06:46 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b56b9571ad8fecd670b88b6bfec3034d36a939b

commit 5b56b9571ad8fecd670b88b6bfec3034d36a939b
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2017-11-16 21:06:09 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2017-11-16 21:06:09 +0000

    dev-java/icedtea-bin: Remove vulnerable 3.5.1 wrt bug #636522
    
    Bug: https://bugs.gentoo.org/636522
    Package-Manager: Portage-2.3.14, Repoman-2.3.6

 dev-java/icedtea-bin/Manifest                 |  14 ---
 dev-java/icedtea-bin/icedtea-bin-3.5.1.ebuild | 160 --------------------------
 2 files changed, 174 deletions(-)}

Comment 11 GLSAMaker/CVETool Bot gentoo-dev

2017-11-19 20:37:38 UTC

This issue was resolved and addressed in
 GLSA 201711-14 at https://security.gentoo.org/glsa/201711-14
by GLSA coordinator Christopher Diaz Riveros (chrisadr).