Bugzilla – Bug 773458
VUL-0: icedtea-web: security issue
Last modified: 2012-09-04 07:00:21 UTC
NOT PUBLIC YET, keep inside SUSE CRD July 31st 2012, 2PM EDT. (proposed) CVE-2012-3422 and CVE-2012-3423 heap buffer overflows in iced-tea plugin implementation of java-1_6_0-openjdk. (tarballs were sent via separate email)
bugbot adjusting priority
submitted 11.4: 129645 12.1: 129648 12.2: 129646 factory: 129647 sle-11: 21039
The SWAMPID for this issue is 48544. This issue was rated as important. Please submit fixed packages until 2012-08-09. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
This is an autogenerated message for OBS integration: This bug (773458) was mentioned in https://build.opensuse.org/request/show/129647 Factory / icedtea-web
There is a regression [1] with FF 14 that caused a plugin crash. I am going to resubmit the package with a fix [2], so we won't get into trouble when FF is updated. [1] http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1106 [2] http://icedtea.classpath.org//hg/release/icedtea-web-1.2?cmd=changeset;node=f6cdd8639a8d
resubmitted factory: 130401 12.2: 130403 12.1: 130404 11.4: 130406 sle-11: 21208
released
Update released for: icedtea-web, icedtea-web-debuginfo, icedtea-web-debugsource, icedtea-web-javadoc Products: SLE-DEBUGINFO 11-SP1 (i386, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64)
Update released for: icedtea-web, icedtea-web-debuginfo, icedtea-web-debugsource, icedtea-web-javadoc Products: SLE-DEBUGINFO 11-SP2 (i386, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64)
openSUSE-SU-2012:0981-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 773458 CVE References: CVE-2012-3422,CVE-2012-3423 Sources used: openSUSE 12.1 (src): icedtea-web-1.2.1-6.1 openSUSE 11.4 (src): icedtea-web-1.2.1-0.13.1
openSUSE-SU-2012:0982-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 773458 CVE References: CVE-2012-3422,CVE-2012-3423 Sources used: openSUSE 12.1 (src): icedtea-web-1.2.1-10.1 openSUSE 11.4 (src): icedtea-web-1.2.1-0.17.1
*** Bug 755054 has been marked as a duplicate of this bug. ***
Hello, https://build.suse.de/request/show/21208 has been auto-declined as it does not build on ppc. However it-web is a SLED thing only, so please make a new update including the firefox crash fix. BTW: may I resubmit it with ExclusiveArch: %ix86 x86_64?
setting the needinfo: BTW: openSUSE has been released with the patch, so only sle11 needs to be released again
making it exclusivearch is fine by us.
ok, resubmitted with ExclusiveArch to ignore build errors on non intel arches https://build.suse.de/request/show/21410
michal, we released the sle11 version already. do we need to push this out too with the current Firefox 10ESR we use?
(In reply to comment #17)
> michal, we released the sle11 version already.
>
> do we need to push this out too with the current Firefox 10ESR we use?

Yes, the bnc#755054 has been reported for SLED. I have the following firefox packages installed: MozillaFirefox-10.0.3-0.7.1 MozillaFirefox-branding-SLED-7-0.6.7.7. Thus the issue appears with FF 10, even though it was originally reported on FF 14 only.
The SWAMPID for this issue is 48829. This issue was rated as moderate. Please submit fixed packages until 2012-09-06. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/48829
maint-coord will handle the regression, tracking is in bug 755054
This is an autogenerated message for OBS integration: This bug (773458) was mentioned in https://build.opensuse.org/request/show/132152 Evergreen:11.2 / icedtea-web
This is an autogenerated message for OBS integration: This bug (773458) was mentioned in https://build.opensuse.org/request/show/132464 Evergreen:11.2 / icedtea-web