[SECURITY: IcedTea-Web] IcedTea6 1.8.11 and 1.9.11 Released!

Dr Andrew John Hughes ahughes at redhat.com
Tue Nov 8 08:13:48 PST 2011 

The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools, along with additional
features such as a PulseAudio sound driver and support for alternative
virtual machines.
 
A new set of security releases is now available for versions of IcedTea
which include the plugin and Web Start support now developed in the
IcedTea-Web project:
 
* IcedTea6 1.8.11
* IcedTea6 1.9.11

Where possible, we recommend using IcedTea-Web in preference to these
older versions, in order to obtain the latest bug fixes and features.

All updates contain the following security fixes:

* RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass

Full details of each release can be found below.
 
What’s New?
—————–

New in release 1.9.11 (2011-11-08):

* Security fixes
  - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass

New in release 1.8.11 (2011-11-08):

* Security fixes
  - RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass

The tarballs can be downloaded from:
  
* http://icedtea.classpath.org/download/source/icedtea6-1.8.11.tar.gz
* http://icedtea.classpath.org/download/source/icedtea6-1.9.11.tar.gz
 
SHA256 checksums:

6eb418ec0609080a71bda16896124d6e1ac23b2f54af52e05fc22c719e12ca29  icedtea6-1.8.11.tar.gz
fd3b32f8dd1010fa8b752f0224fb25a8fe102c9f82652f0ded32138fd4ba3714  icedtea6-1.9.11.tar.gz

Each tarball is accompanied by a digital signature (available at the
above URL + '.sig').  This is produced using my public key.  See
details below in the signature.
 
The following people helped with these releases:
 
* Deepak Bhole (RH742515)
* Andrew John Hughes (release management)
* Omair Majid (additional patch preparation work)

We would also like to thank the bug reporters and testers!
  
To get started:

$ tar xzf icedtea6-<ver>.tar.gz
$ cd icedtea6-<ver>
  
Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap ...]
$ make
-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20111108/f5283bcd/attachment.bin

More information about the distro-pkg-dev mailing list