Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 636522 - <dev-java/icedtea,{-bin}-3.6.0: Multiple vulnerabilties
Summary: <dev-java/icedtea,{-bin}-3.6.0: Multiple vulnerabilties
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://blog.fuseyism.com/index.php/20...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks: 636642
  Show dependency tree
 
Reported: 2017-11-04 15:12 UTC by James Le Cuirot
Modified: 2017-11-19 20:37 UTC (History)
1 user (show)

See Also:
Package list:
=dev-java/icedtea-bin-3.6.0 amd64 ppc64 x86
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description James Le Cuirot gentoo-dev 2017-11-04 15:12:13 UTC
Bumps coming soon. Unfortunately the ppc64(le) build systems are both down right now for reasons unknown.
Comment 1 James Le Cuirot gentoo-dev 2017-11-04 15:17:59 UTC
Bumped. Arch teams, please stabilise.
Comment 2 Stabilization helper bot gentoo-dev 2017-11-04 16:00:43 UTC
An automated check of this bug failed - the following atom is unknown:

dev-java/icedtea-bin-3.6.0

Please verify the atom list.
Comment 3 James Le Cuirot gentoo-dev 2017-11-04 17:53:25 UTC
Gah, I always forget to push.
Comment 4 Thomas Deutschmann gentoo-dev Security 2017-11-05 21:30:18 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-11-08 13:39:26 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 6 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-08 14:18:06 UTC
Thank you, new GLSA Request filed.
Comment 7 James Le Cuirot gentoo-dev 2017-11-08 14:26:09 UTC
Not ready to clean up yet, I still need to generate the ppc64(le) builds. The build systems are being looked at but are not working yet.
Comment 8 James Le Cuirot gentoo-dev 2017-11-09 20:19:14 UTC
ppc64(le) binaries are up. ppc64 team, please test both big and little endian if possible.
Comment 9 Sergei Trofimovich gentoo-dev 2017-11-16 19:46:19 UTC
ppc64 stable
Comment 10 Larry the Git Cow gentoo-dev 2017-11-16 21:06:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b56b9571ad8fecd670b88b6bfec3034d36a939b

commit 5b56b9571ad8fecd670b88b6bfec3034d36a939b
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2017-11-16 21:06:09 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2017-11-16 21:06:09 +0000

    dev-java/icedtea-bin: Remove vulnerable 3.5.1 wrt bug #636522
    
    Bug: https://bugs.gentoo.org/636522
    Package-Manager: Portage-2.3.14, Repoman-2.3.6

 dev-java/icedtea-bin/Manifest                 |  14 ---
 dev-java/icedtea-bin/icedtea-bin-3.5.1.ebuild | 160 --------------------------
 2 files changed, 174 deletions(-)}
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2017-11-19 20:37:38 UTC
This issue was resolved and addressed in
 GLSA 201711-14 at https://security.gentoo.org/glsa/201711-14
by GLSA coordinator Christopher Diaz Riveros (chrisadr).