Bug 818768 – VUL-0: icedtea-web 1.4 released

Bug 818768 - VUL-0: icedtea-web 1.4 released


Summary:	VUL-0: icedtea-web 1.4 released

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp2:52523 maint:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2013-05-07 14:17 UTC by Michal Vyskocil
Modified:	2013-07-11 12:57 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Development
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michal Vyskocil 2013-05-07 14:17:12 UTC

Already public
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-May/023195.html

* Security updates
   - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
   - CVE-2013-1927, RH884705: fixed gifar vulnerabilit
   - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
   - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings

rest is skipped

We do need an update for all openSUSEs and SLE-11

Comment 2 Bernhard Wiedemann 2013-05-07 15:00:25 UTC

This is an autogenerated message for OBS integration:
This bug (818768) was mentioned in
https://build.opensuse.org/request/show/174755 Factory / icedtea-web
https://build.opensuse.org/request/show/174756 Maintenance / 
https://build.opensuse.org/request/show/174757 Maintenance /

Comment 3 Swamp Workflow Management 2013-05-07 22:00:18 UTC

bugbot adjusting priority

Comment 10 Bernhard Wiedemann 2013-05-20 04:00:29 UTC

This is an autogenerated message for OBS integration:
This bug (818768) was mentioned in
https://build.opensuse.org/request/show/176108 Evergreen:11.2 / icedtea-web

Comment 11 Swamp Workflow Management 2013-05-24 15:07:31 UTC

openSUSE-SU-2013:0826-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 818768
CVE References: CVE-2012-3422,CVE-2012-3423,CVE-2013-1926,CVE-2013-1927
Sources used:
openSUSE 12.2 (src):    icedtea-web-1.4-1.17.1

Comment 12 Bernhard Wiedemann 2013-05-27 08:00:37 UTC

This is an autogenerated message for OBS integration:
This bug (818768) was mentioned in
https://build.opensuse.org/request/show/176635 Evergreen:11.2 / icedtea-web

Comment 13 Swamp Workflow Management 2013-05-31 14:01:33 UTC

Update released for: icedtea-web, icedtea-web-debuginfo, icedtea-web-debugsource, icedtea-web-javadoc
Products:
SLE-DEBUGINFO 11-SP2 (i386, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)

Comment 14 Marcus Meissner 2013-05-31 18:21:21 UTC

released

Comment 15 Swamp Workflow Management 2013-06-10 09:12:04 UTC

openSUSE-SU-2013:0893-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 818768
CVE References: CVE-2012-3422,CVE-2012-3423,CVE-2013-1926,CVE-2013-1927
Sources used:
openSUSE 12.3 (src):    icedtea-web-1.4-4.14.1

Comment 16 Swamp Workflow Management 2013-06-10 10:22:34 UTC

openSUSE-SU-2013:0966-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 818768
CVE References: CVE-2012-3422,CVE-2012-3423,CVE-2013-1926,CVE-2013-1927
Sources used:
openSUSE 11.4 (src):    icedtea-web-1.4-34.1

Comment 18 Swamp Workflow Management 2013-07-10 13:54:23 UTC

Update released for: icedtea-web, icedtea-web-debuginfo, icedtea-web-debugsource, icedtea-web-javadoc
Products:
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)