Another security release from Oracle. See URL. Version bumps follow.
Added to tree: =app-emulation/emul-linux-x86-java-1.6.0.37 =dev-java/sun-jdk-1.6.0.37 =dev-java/sun-jre-bin-1.6.0.37 =dev-java/oracle-jdk-bin-1.7.0.9 =dev-java/oracle-jre-bin-1.7.0.9 @Amd64: please stabilize: =app-emulation/emul-linux-x86-java-1.6.0.37 =dev-java/sun-jdk-1.6.0.37 =dev-java/sun-jre-bin-1.6.0.37 @x86: please stabilize: =dev-java/sun-jdk-1.6.0.37 =dev-java/sun-jre-bin-1.6.0.37 =dev-java/oracle-jdk-bin-1.7.0.9 =dev-java/oracle-jre-bin-1.7.0.9
CVE-2012-5089 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. CVE-2012-5088 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2012-5087 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. CVE-2012-5086 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. CVE-2012-5085 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE. CVE-2012-5084 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. CVE-2012-5083 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2012-5081 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. CVE-2012-5079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2012-5077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. CVE-2012-5076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS. CVE-2012-5075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. CVE-2012-5074 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. CVE-2012-5073 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. CVE-2012-5072 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. CVE-2012-5071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. CVE-2012-5070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. CVE-2012-5069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. CVE-2012-5068 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2012-5067 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. CVE-2012-4416 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. CVE-2012-3216 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. CVE-2012-3159 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2012-3143 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX. CVE-2012-1533 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2012-1532 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2012-1531 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531): Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
amd64 stable
x86 done, last arch!
Thanks, everyone. On existing GLSA draft, ready for review.
This issue was resolved and addressed in GLSA 201401-30 at http://security.gentoo.org/glsa/glsa-201401-30.xml by GLSA coordinator Sean Amoss (ackle).
