[Security]: IcedTea-Web 1.1.6 and 1.2.1 released!

Deepak Bhole dbhole at redhat.com
Tue Jul 31 11:31:54 PDT 2012

Hi Everyone,

IcedTea-Web 1.1.6 and 1.2.1 have now been released. In addition to bug fixes,
they include 2 security fixes and it is therefore recommended that everyone
upgrade to this release. The security issues fixed are:

RH840592, CVE-2012-3422: Use of uninitialized instance pointers
RH841345, CVE-2012-3423: Incorrect handling of non 0-terminated strings

Other fixes are listed in the NEWS files:
1.1.6 - http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/5116ebb94452/NEWS
1.2.1 - http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/afba9cb10cce/NEWS

The following people helped with this release:
Danesh Dadachanji  
Adam Domurad       
Jiri Vanek         
Saad Mohammad      

2e330475fdcd1a83b3f411a1aa475d8d45c585842444d20bb9160bed689dc1f1  icedtea-web-1.1.6.tar.gz
134efcd429086a643ba03ec6e4da991527c3e5dfcd6ed6680a83824ad3f0cfd6  icedtea-web-1.2.1.tar.gz

Download links:

After extracting, it can be built as per instructions here:

More information about the distro-pkg-dev mailing list