Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 375977 (CVE-2011-2513) - <dev-java/icedtea6-bin-1.10.3 ,<dev-java/icedtea-web-1.1.1: multiple vulnerabilities (CVE-2011-{2513,2514})
Summary: <dev-java/icedtea6-bin-1.10.3 ,<dev-java/icedtea-web-1.1.1: multiple vulnerab...
Status: RESOLVED FIXED
Alias: CVE-2011-2513
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: https://dbhole.wordpress.com/2011/07/...
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks: java-security icedtea-tracker
  Show dependency tree
 
Reported: 2011-07-22 09:05 UTC by Vlastimil Babka (Caster) (RETIRED)
Modified: 2011-10-08 22:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-07-22 09:05:31 UTC 
icedtea-web-1.1.1 fixes following vulnerabilities:

RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications
RH718170, CVE-2011-2514: Java Web Start security warning dialog manipulation

icedtea6-bin contains also binary version of this package, so has to be bumped as well
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-07-22 09:09:24 UTC 
dev-java/icedtea-web-1.1.1 in tree, going to build icedtea6-bin
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2011-07-24 10:14:21 UTC 
Please stabilize dev-java/icedtea6-bin-1.10.3
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-07-24 18:57:02 UTC 
x86 stable
Comment 4 Ian Delaney (RETIRED) gentoo-dev 2011-07-25 05:38:36 UTC 
amd64:

dev-java/icedtea6-bin-1.10.3 only, AOK

icedtea-web has another dep.
Comment 5 Agostino Sarubbo gentoo-dev 2011-07-25 11:26:29 UTC 
@Ian, we must stabilize only icedtea6-bin not web :)

amd64 ok
Comment 6 Ian Delaney (RETIRED) gentoo-dev 2011-07-25 15:07:10 UTC 
Ago

I agree, exactly what I did
Comment 7 Markos Chandras (RETIRED) gentoo-dev 2011-08-02 14:59:44 UTC 
amd64 done. Thanks Ian and Agostino
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2011-08-17 17:35:12 UTC 
Thanks, folks. GLSA Vote: no.
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 22:36:25 UTC 
Vote: NO. Closing noglsa.