/hg/release/icedtea-web-1.1: 4 new changesets
dbhole at icedtea.classpath.org
dbhole at icedtea.classpath.org
Tue Jul 31 11:26:08 PDT 2012
changeset 109bec81dd4b in /hg/release/icedtea-web-1.1
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.1?cmd=changeset;node=109bec81dd4b
author: Deepak Bhole <dbhole at redhat.com>
date: Tue Jul 24 13:58:42 2012 -0400
CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
Updated NEWS file with entry for CVE-2012-3423
changeset e62245b1ab29 in /hg/release/icedtea-web-1.1
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.1?cmd=changeset;node=e62245b1ab29
author: Deepak Bhole <dbhole at redhat.com>
date: Tue Jul 24 13:59:26 2012 -0400
Prepare for 1.1.6
changeset 5116ebb94452 in /hg/release/icedtea-web-1.1
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.1?cmd=changeset;node=5116ebb94452
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Jul 25 16:26:26 2012 -0400
Added tag icedtea-web-1.1.6 for changeset e62245b1ab29
changeset 431bf0c06da5 in /hg/release/icedtea-web-1.1
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.1?cmd=changeset;node=431bf0c06da5
author: Deepak Bhole <dbhole at redhat.com>
date: Tue Jul 24 14:19:35 2012 -0400
Prepare for 1.1.7
diffstat:
.hgtags | 1 +
ChangeLog | 20 ++++++++++++++++++++
NEWS | 9 +++++++--
configure.ac | 2 +-
plugin/icedteanp/IcedTeaNPPlugin.cc | 10 ++++++++++
5 files changed, 39 insertions(+), 3 deletions(-)
diffs (90 lines):
diff -r 52f5d2f97584 -r 431bf0c06da5 .hgtags
--- a/.hgtags Wed Jul 25 16:10:02 2012 -0400
+++ b/.hgtags Tue Jul 24 14:19:35 2012 -0400
@@ -5,3 +5,4 @@
3352c0b0d9bb990ec4dd89baadc2ef11bc8eed28 icedtea-web-1.1.3
77cbf8633a7c63046eb70fbe89d594a8c7b116af icedtea-web-1.1.4
4303e215188f1ae6ffd6ac639ea71b569c2ac7fb icedtea-web-1.1.5
+e62245b1ab299666397584e430a4feeeb1c0865a icedtea-web-1.1.6
diff -r 52f5d2f97584 -r 431bf0c06da5 ChangeLog
--- a/ChangeLog Wed Jul 25 16:10:02 2012 -0400
+++ b/ChangeLog Tue Jul 24 14:19:35 2012 -0400
@@ -1,3 +1,23 @@
+2012-07-25 Deepak Bhole <dbhole at redhat.com>
+
+ * configure.ac: Prepare for 1.1.7
+ * NEWS: Same
+
+2012-07-25 Deepak Bhole <dbhole at redhat.com>
+
+ * configure.ac: Prepare for 1.1.6
+ * NEWS: Same
+
+2012-07-25 Adam Domurad <adomurad at redhat.com>
+
+ CVE-2012-3422, RH840592: Potential read from an uninitialized
+ memory location.
+ * plugin/icedteanp/IcedTeaNPPlugin.cc
+ (get_cookie_info): Only attempt to perform this operation if there is a
+ valid plugin instance
+ (get_proxy_info): Only attempt to perform this operation if there is a
+ valid plugin instance
+
2012-07-25 Adam Domurad <adomurad at redhat.com>
Allow passing of plugin tables and browser tables in NP_Initialize that
diff -r 52f5d2f97584 -r 431bf0c06da5 NEWS
--- a/NEWS Wed Jul 25 16:10:02 2012 -0400
+++ b/NEWS Tue Jul 24 14:19:35 2012 -0400
@@ -8,8 +8,13 @@
CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release 1.1.6 (2012-XX-XX):
- * Plugin
+New in release 1.1.7 (2012-XX-XX):
+
+New in release 1.1.6 (2012-07-31):
+* Security Updates
+ - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
+ - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
+* Plugin
- PR863: Error passing strings to applet methods in Chromium
- PR518: NPString.utf8characters not guaranteed to be nul-terminated
diff -r 52f5d2f97584 -r 431bf0c06da5 configure.ac
--- a/configure.ac Wed Jul 25 16:10:02 2012 -0400
+++ b/configure.ac Tue Jul 24 14:19:35 2012 -0400
@@ -1,4 +1,4 @@
-AC_INIT([icedtea-web],[1.1.6pre],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
+AC_INIT([icedtea-web],[1.1.7pre],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile netx.manifest])
diff -r 52f5d2f97584 -r 431bf0c06da5 plugin/icedteanp/IcedTeaNPPlugin.cc
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc Wed Jul 25 16:10:02 2012 -0400
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc Tue Jul 24 14:19:35 2012 -0400
@@ -886,6 +886,11 @@
NPError
get_cookie_info(const char* siteAddr, char** cookieString, uint32_t* len)
{
+ // Only attempt to perform this operation if there is a valid plugin instance
+ if (g_hash_table_size(instance_to_id_map) <= 0)
+ {
+ return NPERR_GENERIC_ERROR;
+ }
#if MOZILLA_VERSION_COLLAPSED < 1090100
nsresult rv;
nsCOMPtr<nsIScriptSecurityManager> sec_man =
@@ -1306,6 +1311,11 @@
NPError
get_proxy_info(const char* siteAddr, char** proxy, uint32_t* len)
{
+ // Only attempt to perform this operation if there is a valid plugin instance
+ if (g_hash_table_size(instance_to_id_map) <= 0)
+ {
+ return NPERR_GENERIC_ERROR;
+ }
#if MOZILLA_VERSION_COLLAPSED < 1090100
nsresult rv;
More information about the distro-pkg-dev
mailing list