/hg/release/icedtea-web-1.2: 4 new changesets

dbhole at icedtea.classpath.org dbhole at icedtea.classpath.org
Tue Jul 31 11:26:26 PDT 2012 

changeset ec09874d2716 in /hg/release/icedtea-web-1.2
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.2?cmd=changeset;node=ec09874d2716
author: Deepak Bhole <dbhole at redhat.com>
date: Tue Jul 24 11:44:50 2012 -0400

	CVE-2012-3422, RH840592: Potential read from an uninitialized memory location

	Updated NEWS file with entry for CVE-2012-3423


changeset fae550dbc884 in /hg/release/icedtea-web-1.2
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.2?cmd=changeset;node=fae550dbc884
author: Deepak Bhole <dbhole at redhat.com>
date: Tue Jul 24 14:01:31 2012 -0400

	Prepare for 1.2.1


changeset afba9cb10cce in /hg/release/icedtea-web-1.2
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.2?cmd=changeset;node=afba9cb10cce
author: Deepak Bhole <dbhole at redhat.com>
date: Tue Jul 24 14:19:58 2012 -0400

	Added tag icedtea-web-1.2.1 for changeset fae550dbc884


changeset f6d6d529d73c in /hg/release/icedtea-web-1.2
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.2?cmd=changeset;node=f6d6d529d73c
author: Deepak Bhole <dbhole at redhat.com>
date: Tue Jul 24 14:02:12 2012 -0400

	Prepare for 1.2.2


diffstat:

 .hgtags                             |   1 +
 ChangeLog                           |  20 ++++++++++++++++++++
 NEWS                                |   7 ++++++-
 configure.ac                        |   2 +-
 plugin/icedteanp/IcedTeaNPPlugin.cc |  10 ++++++++++
 5 files changed, 38 insertions(+), 2 deletions(-)

diffs (88 lines):

diff -r 087d8407b2e1 -r f6d6d529d73c .hgtags
--- a/.hgtags	Tue Jul 24 10:24:57 2012 -0400
+++ b/.hgtags	Tue Jul 24 14:02:12 2012 -0400
@@ -1,3 +1,4 @@
 692d7e5b31039156aff1600fd7f5034fead2f258 icedtea-web-1.0-branchpoint
 b605505179459c9f2119e4dfde999fc6300e4c87 icedtea-web-1.1-branchpoint
 58c02a3ace5dd11edc900d869b7c69186c54101d icedtea-web-1.2
+fae550dbc8843d997d6180b1ba4d25b3dd831ac9 icedtea-web-1.2.1
diff -r 087d8407b2e1 -r f6d6d529d73c ChangeLog
--- a/ChangeLog	Tue Jul 24 10:24:57 2012 -0400
+++ b/ChangeLog	Tue Jul 24 14:02:12 2012 -0400
@@ -1,3 +1,23 @@
+2012-07-24  Deepak Bhole <dbhole at redhat.com>
+
+	* configure.ac: Prepare for 1.2.2
+	* NEWS: Same
+
+2012-07-24  Deepak Bhole <dbhole at redhat.com>
+
+	* configure.ac: Prepare for 1.2.1
+	* NEWS: Same
+
+2012-07-24  Adam Domurad  <adomurad at redhat.com>
+
+	CVE-2012-3422, RH840592: Potential read from an uninitialized
+	memory location.
+	* plugin/icedteanp/IcedTeaNPPlugin.cc
+	(get_cookie_info): Only attempt to perform this operation if there is a
+	valid plugin instance
+	(get_proxy_info): Only attempt to perform this operation if there is a
+	valid plugin instance
+
 2012-07-24  Adam Domurad  <adomurad at redhat.com>
 
 	* plugin/icedteanp/IcedTeaPluginUtils.cc
diff -r 087d8407b2e1 -r f6d6d529d73c NEWS
--- a/NEWS	Tue Jul 24 10:24:57 2012 -0400
+++ b/NEWS	Tue Jul 24 14:02:12 2012 -0400
@@ -8,7 +8,12 @@
 
 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
-New in release 1.2.1 (2012-XX-XX):
+New in release 1.2.2 (2012-XX-XX):
+
+New in release 1.2.1 (2012-07-31):
+* Security Updates
+  - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location
+  - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings
 * NetX
   - PR898: signed applications with big jnlp-file doesn't start (webstart affect like "frozen")
   - PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly
diff -r 087d8407b2e1 -r f6d6d529d73c configure.ac
--- a/configure.ac	Tue Jul 24 10:24:57 2012 -0400
+++ b/configure.ac	Tue Jul 24 14:02:12 2012 -0400
@@ -1,4 +1,4 @@
-AC_INIT([icedtea-web],[1.2.1pre],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
+AC_INIT([icedtea-web],[1.2.2pre],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
 AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
 AC_CONFIG_FILES([Makefile netx.manifest])
 
diff -r 087d8407b2e1 -r f6d6d529d73c plugin/icedteanp/IcedTeaNPPlugin.cc
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc	Tue Jul 24 10:24:57 2012 -0400
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc	Tue Jul 24 14:02:12 2012 -0400
@@ -925,6 +925,11 @@
 NPError
 get_cookie_info(const char* siteAddr, char** cookieString, uint32_t* len)
 {
+  // Only attempt to perform this operation if there is a valid plugin instance
+  if (g_hash_table_size(instance_to_id_map) <= 0)
+  {
+    return NPERR_GENERIC_ERROR;
+  }
 #if MOZILLA_VERSION_COLLAPSED < 1090100
   nsresult rv;
   nsCOMPtr<nsIScriptSecurityManager> sec_man =
@@ -1340,6 +1345,11 @@
 NPError
 get_proxy_info(const char* siteAddr, char** proxy, uint32_t* len)
 {
+  // Only attempt to perform this operation if there is a valid plugin instance
+  if (g_hash_table_size(instance_to_id_map) <= 0)
+  {
+	  return NPERR_GENERIC_ERROR;
+  }
 #if MOZILLA_VERSION_COLLAPSED < 1090100
   nsresult rv;

More information about the distro-pkg-dev mailing list