[SECURITY] IcedTea6 1.10.9 & 1.11.4 & IcedTea 2.3.2 Released!

Andrew Hughes ahughes at redhat.com
Fri Aug 31 12:47:08 PDT 2012


The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools, along with additional
features such as a PulseAudio sound driver and support for
alternative virtual machines.
 
A new set of security releases is now available:

* IcedTea6 1.10.9
* IcedTea6 1.11.4
* IcedTea 2.3.2
 
All updates contain the following security fixes:

* S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
* S7163201, CVE-2012-0547: Simplify toolkit internals references

In addition, 2.3.2 contains:

* S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects

Full details of each release can be found below.
 
What's New?
-----------

New in release 1.10.9 (2012-08-31):

* Security fixes
  - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
  - S7163201, CVE-2012-0547: Simplify toolkit internals references
* OpenJDK
  - S7182135: Impossible to use some editors directly
  - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE
  - S6815182: GSSAPI/SPNEGO does not work with server using MIT Kerberos library
  - S6979329: CCacheInputStream fails to read ticket cache files from Kerberos 1.8.1
  - S7110373: krb5 test in openjdk6 without test infrastructure

New in release 1.11.4 (2012-08-31):

* Security fixes
  - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
  - S7163201, CVE-2012-0547: Simplify toolkit internals references
* OpenJDK
  - S7182135: Impossible to use some editors directly
  - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE

New in release 2.3.2 (2012-08-31):

* Security fixes
  - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder
  - S7194567, CVE-2012-3136: Improve long term persistence of java.beans objects
  - S7163201, CVE-2012-0547: Simplify toolkit internals references
* OpenJDK
  - Fix Zero FTBFS issues with 2.3
  - S7180036: Build failure in Mac platform caused by fix # 7163201
  - S7182135: Impossible to use some editors directly
  - S7183701: [TEST] closed/java/beans/security/TestClassFinder.java - compilation failed
  - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java failed with NPE
* Bug fixes
  - PR1149: Zero-specific patch files not being packaged

 
The tarballs can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea6-1.10.9.tar.gz
* http://icedtea.classpath.org/download/source/icedtea6-1.11.4.tar.gz
* http://icedtea.classpath.org/download/source/icedtea-2.3.2.tar.gz
 
SHA256 checksums:

ac55c57607177da579af46d9081e8cc53a5033e411704a1b0b074093b629427b  icedtea6-1.10.9.tar.gz
7bc0037514aedbbd5e65edcb2fa300a18285688d27b359c2144fcf563174e4fd  icedtea6-1.11.4.tar.gz
d7e87de527934fcbb06c162e0e119d9b118069f3f52a1420d303fe19c5d74ef2  icedtea-2.3.2.tar.gz


Each tarball is accompanied by a digital signature (available at the
above URL + '.sig').  This is produced using my public key.  See
details below.
 
The following people helped with these releases:

* Andrew John Hughes (all other patches/merging, reproducer testing & release management)
* Matthias Klose (testing of 2.3.2 pre-release)
* Chris Phillips (Zero FTBFS fix)
* Roman Kennke (Zero FTBFS fix)
* Jiri Vanek (testing of pre-releases for all three)


We would also like to thank the bug reporters and testers!

To get started:
$ tar xzf icedtea${ver}.tar.gz
$ cd icedtea${ver}

Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-zero --enable-pulse-java --enable-systemtap...]
$ make
-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
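
The verification described above (SHA256 checksum, then the detached '.sig'), as an added example that is not part of the original announcement. It assumes GNU coreutils sha256sum, a gpg binary with the release key already imported, and the .sig file saved next to the tarball; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded IcedTea tarball before building it.
# Digests and fingerprint are copied from the announcement above.
PINNED_FPR="EC5A1F5EC0AD1D158F1F8F913B96A578248BDC07"

# expected_sha256 NAME: print the announced digest for NAME, fail if unknown.
expected_sha256() {
    case "$1" in
        icedtea6-1.10.9.tar.gz) echo ac55c57607177da579af46d9081e8cc53a5033e411704a1b0b074093b629427b ;;
        icedtea6-1.11.4.tar.gz) echo 7bc0037514aedbbd5e65edcb2fa300a18285688d27b359c2144fcf563174e4fd ;;
        icedtea-2.3.2.tar.gz)   echo d7e87de527934fcbb06c162e0e119d9b118069f3f52a1420d303fe19c5d74ef2 ;;
        *) return 1 ;;
    esac
}

# check_sha256 FILE EXPECTED_HEX: succeed only if the file's digest matches.
check_sha256() {
    actual=$(sha256sum -- "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# signer_is_pinned: read `gpg --status-fd 1 --verify` output on stdin and
# succeed only if a VALIDSIG line names the pinned fingerprint.
signer_is_pinned() {
    awk -v want="$PINNED_FPR" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # $3 is the signing (sub)key, the last field the primary key
            if (toupper($3) == want || toupper($NF) == want) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# verify_release TARBALL: check the digest first, then the signature signer.
verify_release() {
    want=$(expected_sha256 "$(basename -- "$1")") || { echo "unknown release file" >&2; return 1; }
    check_sha256 "$1" "$want" || { echo "SHA256 mismatch: $1" >&2; return 1; }
    gpg --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null | signer_is_pinned \
        || { echo "signature not from pinned key: $1" >&2; return 1; }
    echo "OK: $1"
}
```

After sourcing the file, run `verify_release icedtea-2.3.2.tar.gz` before unpacking. Matching on the VALIDSIG status line rejects a good signature made by any other key that happens to be in the keyring.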



