[SECURITY] IcedTea6 1.7.7, 1.8.4, 1.9.4 Released!

Dr Andrew John Hughes ahughes at redhat.com
Tue Jan 18 06:40:13 PST 2011 

We are pleased to announce a new set of security releases, IcedTea6 1.7.7, IcedTea6 1.8.4
and IcedTea6 1.9.4.
 
This update contains the following security updates:
 
* RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass

The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools. It also includes the only
Free Java plugin and Web Start implementation, and support for
additional architectures over and above x86, x86_64 and SPARC via the
Zero assembler port.

What’s New?
—————–
 
IcedTea6 1.7.7
==============

* Security updates
  - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
* Backports
  - S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
  - S4356282: RFE: JDK should support OpenType/CFF fonts
  - S6954424, RH525870: Support OpenType/CFF fonts in JDK 7
  - S6795356, PR590: Leak caused by javax.swing.UIDefaults.ProxyLazyValue.acc
  - S6967436, RH597227: lines longer than 2^15 can fill window.
  - S6967433: dashed lines broken when using scaling transforms.
  - S6976265: No STROKE_CONTROL
  - S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.
* Fixes:
  - S7003777, RH647674: JTextPane produces incorrect content after parsing the html text
 
IcedTea6 1.8.4
==============
 
* Security updates
  - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
* Backports
  - S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
  - S4356282: RFE: JDK should support OpenType/CFF fonts
  - S6954424, RH525870: Support OpenType/CFF fonts in JDK 7
  - S6795356, PR590: Leak caused by javax.swing.UIDefaults.ProxyLazyValue.acc
  - S6967436, RH597227: lines longer than 2^15 can fill window.
  - S6967433: dashed lines broken when using scaling transforms.
  - S6976265: No STROKE_CONTROL
  - S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.
* Fixes:
  - S7003777, RH647674: JTextPane produces incorrect content after parsing the html text

IcedTea6 1.9.4
==============
 
* Security updates
  - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
* Backports
  - S4356282: RFE: JDK should support OpenType/CFF fonts
  - S6954424, RH525870: Support OpenType/CFF fonts in JDK 7
  - S6795356, PR590: Leak caused by javax.swing.UIDefaults.ProxyLazyValue.acc
  - S6967436, RH597227: lines longer than 2^15 can fill window.
  - S6967433: dashed lines broken when using scaling transforms.
  - S6976265: No STROKE_CONTROL
  - S6967434, PR450, RH530642: Round joins/caps of scaled up lines have poor quality.
  - S6438179, RH569121: XToolkit.isTraySupported() result has nothing to do with the system tray
* Fixes
  - S7003777, RH647674: JTextPane produces incorrect content after parsing the html text

The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea6-1.7.7.tar.gz
* http://icedtea.classpath.org/download/source/icedtea6-1.8.4.tar.gz
* http://icedtea.classpath.org/download/source/icedtea6-1.9.4.tar.gz
 
SHA256 sums:

4c35574df1214c2e2533b282d6045f79f61eb702d59cd4ac73eec973f4c51fb6  icedtea6-1.7.7.tar.gz
0f89e920a829f3f1a6057065c85520b910504a0be1fbc94f8db2390242edc784  icedtea6-1.8.4.tar.gz
2194b59d8c17ad6ff2fb495e10f9e6023993df5f8ce8a3739bf057f6562ef077  icedtea6-1.9.4.tar.gz
 
The following people helped with these releases:

Andrew John Hughes, Denis Lila, Omair Majid

We would also like to thank the bug reporters and testers!

To get started:
$ tar xzf icedtea6-<ver>.tar.gz
$ cd icedtea6-<ver>

Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap ...]
$ make
-- 
Andrew :)
 
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint = F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8

More information about the distro-pkg-dev mailing list