IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!

Deepak Bhole dbhole at redhat.com
Wed Nov 7 10:16:00 PST 2012


A potential heap buffer overflow issue has been found and fixed in
IcedTea-Web. It is recommended that all IcedTea-Web users update to this
new version.

We would like to thank Arthur Gerkis for reporting this issue.

The fixed issue is:
RH869040, CVE-2012-4540: Heap-based buffer overflow after triggering event attached to applet

Other fixes are listed in the NEWS files:
1.1.7 NEWS file [http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS]
1.2.2 NEWS file [http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/2d21b045ef60/NEWS]
1.3.1 NEWS file [http://icedtea.classpath.org/hg/release/icedtea-web-1.3/file/085acbc2a34c/NEWS]

Please note that this will be the last 1.1.x release as we are not aware
of any distribution currently using 1.1.

The following people helped with these releases:
Adam Domurad
Omair Majid
Saad Mohammad
Jiri Vanek

Checksums:
709ef1880e259d0d0661d57323448e03524153fe3ade21366d55aff5a49608bb icedtea-web-1.1.7.tar.gz
e9e3c3dc413b01b965c0fc7fdc73d89683ffe1422ca7fd218c98debab9bdb675 icedtea-web-1.2.2.tar.gz
20c7fd1eef6c79cbc6478bb01236a3eb2f0af6184eaed24baca59a3c37eafb56 icedtea-web-1.3.1.tar.gz

Download links:
http://icedtea.classpath.org/download/source/icedtea-web-1.1.7.tar.gz
http://icedtea.classpath.org/download/source/icedtea-web-1.2.2.tar.gz
http://icedtea.classpath.org/download/source/icedtea-web-1.3.1.tar.gz

After extracting, it can be built as per instructions here:
http://icedtea.classpath.org/wiki/IcedTea-Web#Building_IcedTea-Web

Cheers,
Deepak


