[SECURITY: IcedTea-Web] IcedTea6 1.8.11 and 1.9.11 Released!
Dr Andrew John Hughes
ahughes at redhat.com
Tue Nov 8 08:13:48 PST 2011
The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools, along with additional
features such as a PulseAudio sound driver and support for alternative
virtual machines.
A new set of security releases is now available for versions of IcedTea
which include the plugin and Web Start support now developed in the
IcedTea-Web project:
* IcedTea6 1.8.11
* IcedTea6 1.9.11
Where possible, we recommend using IcedTea-Web in preference to these
older versions, in order to obtain the latest bug fixes and features.
All updates contain the following security fixes:
* RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass
Full details of each release can be found below.
What’s New?
—————–
New in release 1.9.11 (2011-11-08):
* Security fixes
- RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass
New in release 1.8.11 (2011-11-08):
* Security fixes
- RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass
The tarballs can be downloaded from:
* http://icedtea.classpath.org/download/source/icedtea6-1.8.11.tar.gz
* http://icedtea.classpath.org/download/source/icedtea6-1.9.11.tar.gz
SHA256 checksums:
6eb418ec0609080a71bda16896124d6e1ac23b2f54af52e05fc22c719e12ca29 icedtea6-1.8.11.tar.gz
fd3b32f8dd1010fa8b752f0224fb25a8fe102c9f82652f0ded32138fd4ba3714 icedtea6-1.9.11.tar.gz
Each tarball is accompanied by a digital signature (available at the
above URL + '.sig'). This is produced using my public key. See
details below in the signature.
The following people helped with these releases:
* Deepak Bhole (RH742515)
* Andrew John Hughes (release management)
* Omair Majid (additional patch preparation work)
We would also like to thank the bug reporters and testers!
To get started:
$ tar xzf icedtea6-<ver>.tar.gz
$ cd icedtea6-<ver>
Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap ...]
$ make
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20111108/f5283bcd/attachment.bin
More information about the distro-pkg-dev
mailing list