[SECURITY] IcedTea6 1.10.9 & 1.11.4 & IcedTea 2.3.2 Released!
Andrew Hughes
ahughes at redhat.com
Fri Aug 31 12:47:08 PDT 2012
The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools, along with additional
features such as a PulseAudio sound driver and support for
alternative virtual machines.
A new set of security releases is now available:
* IcedTea6 1.10.9
* IcedTea6 1.11.4
* IcedTea 2.3.2
All updates contain the following security fixes:
* S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
* S7163201, CVE-2012-0547: Simplify toolkit internals references
In addition, 2.3.2 contains:
* S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects
Full details of each release can be found below.
What's New?
-----------
New in release 1.10.9 (2012-08-31):
* Security fixes
- S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
- S7163201, CVE-2012-0547: Simplify toolkit internals references
* OpenJDK
- S7182135: Impossible to use some editors directly
- S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE
- S6815182: GSSAPI/SPNEGO does not work with server using MIT Kerberos library
- S6979329: CCacheInputStream fails to read ticket cache files from Kerberos 1.8.1
- S7110373: krb5 test in openjdk6 without test infrastructure
New in release 1.11.4 (2012-08-31):
* Security fixes
- S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
- S7163201, CVE-2012-0547: Simplify toolkit internals references
* OpenJDK
- S7182135: Impossible to use some editors directly
- S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE
New in release 2.3.2 (2012-08-31):
* Security fixes
- S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
- S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects
- S7163201, CVE-2012-0547: Simplify toolkit internals references
* OpenJDK
- Fix Zero FTBFS issues with 2.3
- S7180036: Build failure in Mac platform caused by fix # 7163201
- S7182135: Impossible to use some editors directly
- S7183701: [TEST] closed/java/beans/security/TestClassFinder.java - compilation failed
- S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE
* Bug fixes
- PR1149: Zero-specific patch files not being packaged
The tarballs can be downloaded from:
* http://icedtea.classpath.org/download/source/icedtea6-1.10.9.tar.gz
* http://icedtea.classpath.org/download/source/icedtea6-1.11.4.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.3.2.tar.gz
SHA256 checksums:
ac55c57607177da579af46d9081e8cc53a5033e411704a1b0b074093b629427b icedtea6-1.10.9.tar.gz
7bc0037514aedbbd5e65edcb2fa300a18285688d27b359c2144fcf563174e4fd icedtea6-1.11.4.tar.gz
d7e87de527934fcbb06c162e0e119d9b118069f3f52a1420d303fe19c5d74ef2 icedtea-2.3.2.tar.gz
Each tarball is accompanied by a digital signature (available at the
above URL + '.sig'). This is produced using my public key. See
details below.
The following people helped with these releases:
* Andrew John Hughes (all other patches/merging, reproducer testing & release management)
* Matthias Klose (testing of 2.3.2 pre-release)
* Chris Phillips (Zero FTBFS fix)
* Roman Kennke (Zero FTBFS fix)
* Jiri Vanek (testing of pre-releases for all three)
We would also like to thank the bug reporters and testers!
To get started:
$ tar xzf icedtea${ver}.tar.gz
$ cd icedtea${ver}
Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap...]
$ make
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
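
Checking downloaded tarballs against the SHA256 checksums and the signing-key fingerprint published in the announcement above, as an added example that is not part of the original message. The function names are this example's own, and it assumes the signer's public key is already imported into the local GnuPG keyring and that each `.sig` file sits next to its tarball.

```shell
#!/bin/sh
# Added example: verify IcedTea release tarballs before unpacking and building.
# Checksums and key fingerprint are copied from the announcement text.

FPR="EC5A1F5EC0AD1D158F1F8F913B96A578248BDC07"   # fingerprint, spaces removed

# Print the announced SHA256 for a tarball name; fail for any other name.
expected_sha256() {
    case "$1" in
        icedtea6-1.10.9.tar.gz)
            echo ac55c57607177da579af46d9081e8cc53a5033e411704a1b0b074093b629427b ;;
        icedtea6-1.11.4.tar.gz)
            echo 7bc0037514aedbbd5e65edcb2fa300a18285688d27b359c2144fcf563174e4fd ;;
        icedtea-2.3.2.tar.gz)
            echo d7e87de527934fcbb06c162e0e119d9b118069f3f52a1420d303fe19c5d74ef2 ;;
        *) return 1 ;;
    esac
}

# check_sha256 FILE EXPECTED: succeed only if the file hashes to EXPECTED.
check_sha256() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# check_sig FILE: verify FILE.sig and require the announced key as signer.
# A "good signature" from some other key in the keyring is not enough, so the
# VALIDSIG status line must carry the expected fingerprint (as the signing key
# or, when a subkey signed, as the primary-key field at the end of the line).
check_sig() {
    status=$(gpg --batch --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null) || return 1
    echo "$status" | grep "^\[GNUPG:] VALIDSIG " | grep -qw "$FPR"
}

# verify_release PATH: run both checks, reporting the first one that fails.
verify_release() {
    name=$(basename -- "$1")
    want=$(expected_sha256 "$name") || { echo "$name: not in announcement" >&2; return 1; }
    check_sha256 "$1" "$want" || { echo "$name: SHA256 mismatch" >&2; return 1; }
    check_sig "$1" || { echo "$name: no valid signature from $FPR" >&2; return 1; }
    echo "$name: OK"
}

# Verify every tarball named on the command line; stop at the first failure.
for f in "$@"; do verify_release "$f" || exit 1; done
```

The checksum guards against a corrupted or swapped download only as far as the announcement itself is trusted; the signature check ties the tarball to the key whose fingerprint appears in the message signature.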