Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 705992 (CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659) - <dev-java/icedtea{-bin}-3.15.0, <dev-java/openjdk{-bin}-8.242{_p08}: Multiple vulnerabilties (CVE-2020-{2583,2590,2593,2601,2604,2659,2654})
Summary: <dev-java/icedtea{-bin}-3.15.0, <dev-java/openjdk{-bin}-8.242{_p08}: Multiple...
Status: RESOLVED FIXED
Alias: CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://mail.openjdk.java.net/piperma...
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-01-21 06:26 UTC by Andrew John Hughes
Modified: 2021-01-25 00:03 UTC (History)
2 users (show)

See Also:
Package list:
dev-java/icedtea-bin-3.15.0 amd64 arm64 ppc64 x86
Runtime testing required: ---
nattka: sanity-check-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew John Hughes 2020-01-21 06:26:18 UTC
http://bitly.com/it31500

Updated IcedTea ebuild is in java-overlay.

Reproducible: Always
Comment 1 Andrew John Hughes 2020-01-21 06:27:12 UTC
* Security fixes
  - S8225261: Better method resolutions
  - S8224909, CVE-2020-2583: Unlink Set of LinkedHashSets
  - S8225279: Better XRender interpolation
  - S8226352, CVE-2020-2590: Improve Kerberos interop capabilities
  - S8227758: More valid PKIX processing
  - S8227816: More Colorful ICC profiles
  - S8228548, CVE-2020-2593: Normalize normalization for all
  - S8229951, CVE-2020-2601: Better Ticket Granting Services
  - S8230279: Improve Pack200 file reading
  - S8230318: Better trust store usage
  - S8230967: Improve Registry support of clients
  - S8231129: More glyph images
  - S8231139: Improved keystore support
  - S8231422, CVE-2020-2604: Better serial filter handling
  - S8231795, CVE-2020-2659: Enhance datagram socket support
  - S8232419: Improve Registry registration
  - S8234037, CVE-2020-2654: Improve Object Identifier Processing
Comment 2 Georgy Yakovlev archtester gentoo-dev 2020-01-21 18:16:12 UTC
dev-java/icedtea-3.15.0 imported to ::gentoo, building images for -bin
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 19:50:38 UTC
(In reply to Georgy Yakovlev from comment #2)
> dev-java/icedtea-3.15.0 imported to ::gentoo, building images for -bin

Any updates on this?
Comment 4 Larry the Git Cow gentoo-dev 2020-03-28 05:05:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a99a9ca5278c4af455aed0acca4d5105fa12184

commit 0a99a9ca5278c4af455aed0acca4d5105fa12184
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2020-03-28 04:42:00 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2020-03-28 05:05:00 +0000

    dev-java/icedtea-bin: bump to 3.15.0
    
    Bug: https://bugs.gentoo.org/705992
    Closes: https://bugs.gentoo.org/612414
    Closes: https://bugs.gentoo.org/707552
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/icedtea-bin/Manifest                  |  14 +++
 dev-java/icedtea-bin/icedtea-bin-3.15.0.ebuild | 139 +++++++++++++++++++++++++
 2 files changed, 153 insertions(+)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-28 05:24:13 UTC
@maintainer(s), please advise if ready for stabilisation, or call yourself.
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-28 05:25:59 UTC
(In reply to Sam James (sam_c) (security padawan) from comment #5)
> @maintainer(s), please advise if ready for stabilisation, or call yourself.
Comment 7 Georgy Yakovlev archtester gentoo-dev 2020-03-28 05:29:57 UTC
arches please stabilize icedtea-bin-3.15.0
Comment 8 Mart Raudsepp gentoo-dev 2020-03-28 22:48:15 UTC
arm64 stable
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-29 01:09:05 UTC
(updating summary to reflect openjdk{-bin} affected).
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-03-29 07:28:54 UTC
amd64 stable
Comment 11 Georgy Yakovlev archtester gentoo-dev 2020-03-30 07:27:45 UTC
ppc64 stable
Comment 12 Agostino Sarubbo gentoo-dev 2020-03-31 07:22:50 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 13 Georgy Yakovlev archtester gentoo-dev 2020-03-31 08:34:04 UTC
cleanup done, no old versions in the tree
Comment 14 NATTkA bot gentoo-dev 2020-04-12 19:22:46 UTC
Resetting sanity check; package list is empty or all packages are done.
Comment 15 NATTkA bot gentoo-dev 2020-05-24 04:12:48 UTC
Unable to check for sanity:

> no match for package: dev-java/icedtea-bin-3.15.0
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2021-01-25 00:03:23 UTC
This issue was resolved and addressed in
 GLSA 202101-19 at https://security.gentoo.org/glsa/202101-19
by GLSA coordinator Aaron Bauman (b-man).