[SECURITY] IcedTea6 1.11.9 and 1.12.4 Released!

Omair Majid omajid at redhat.com
Mon Mar 4 15:25:52 PST 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools, along with additional
features such as a PulseAudio sound driver and support for alternative
virtual machines.

A new set of security releases is now available:

* IcedTea6 1.11.9
* IcedTea6 1.12.4

We recommend that users upgrade to the latest release from the
appropriate branch as soon as possible.

All updates contain the following security fixes:

 * S8007014, CVE-2013-0809: Improve image handling
 * S8007675, CVE-2013-1493: Improve color conversion

Full details of each release can be found below.

What’s New?
—————–

New in release 1.11.9 (2013-03-04):

* Security fixes
  - S8007014, CVE-2013-0809: Improve image handling
  - S8007675, CVE-2013-1493: Improve color conversion

New in release 1.12.4 (2013-03-04):

* Security fixes
  - S8007014, CVE-2013-0809: Improve image handling
  - S8007675, CVE-2013-1493: Improve color conversion

The tarballs can be downloaded from:
* http://icedtea.classpath.org/download/source/icedtea6-1.11.9.tar.gz
* http://icedtea.classpath.org/download/source/icedtea6-1.12.4.tar.gz

SHA256 checksums:
0c134bea8d48c77ad5d41d4a0f98f471c381faaa0ef0c215d48687e709e93f3f
icedtea6-1.11.9.tar.gz
eb326c6ae0147ca4abe4bd79e52c1edc2ef08e5e008230e24bee3abb39e14dda
icedtea6-1.12.4.tar.gz

Each tarball is accompanied by a digital signature (available at the
above URL + '.sig').  This is produced using my public key.  See
details below.

The following people helped with these releases:

* Elliott Baron (checking S7189103 & S7189567)
* Severin Gehwolf (creation of fix for S8007675, checking S8007014 &
S8007675)
* Omair Majid (applying all security patches, reproducer runs, release
management)
* Mario Torre (creation of fix for S8007675)

We would also like to thank the bug reporters and testers!

To get started:

$ tar xf icedtea6-${ver}.tar.gz

Full build requirements and instructions are in INSTALL:

$ mkdir icedtea6-build
$ cd icedtea6-build
$ ../icedtea6-${ver}/configure [--enable-zero --enable-pulse-java
- --enable-systemtap ...]
$ make
- -- 
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95  0056 F286 F14F 6648 4681
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRNS2AAAoJEPKG8U9mSEaBZjgP/R4gifjRFSz39mRR1AwQeUlz
yYB6azIn+PmvczhOPuIertcm+51OF88EJ+HeBF6YModSGLORwznqo+R/iRP4sXsP
XDN2rbHkDjot2RfbrAOhOg+t5mNAxy7plEWgP3P5AXHQ9jjU1faXQiIkORUxb4zg
FU+vKOCBcPKFLpzaUwGxnNTbK65i36eWk4voVYWUChyL6v2QgUyb6wuNTVvhABg2
Jf/u+OSaQLZQOZobn3gKGk31h47aFvt8gpmPku3ItNIk96pR58G3olHLULMi01Ya
bZVAkptIRumcPfEYshBctMarCQbW2v/JiGGTotE58EYKReYoBfofTAQ+KNOzukyQ
c/dLOzk7xjt2lYfbeY+rbJEE+rT/db69qL7F/wRcmRNt92s6o2KFRZ9yUM8g5CBL
HpG980SvNW3ZIy/cA6E6qfOLl7oqwRZCjL5ECip5/lkDHilJ5eqI62uGm617VKVS
HJZCd3oFzrZZQl/g2PHe74kc0fxs9AGlmCsw6bPmq1ufv4mLe7ABzDCuUPSOOS07
1hzMfazBXNJG2hD78GfrguIIbBH/wgFC2Iz8Wii6QP0kmDc+rUSziiKmfL9uEskw
Sh70aiMzs6r5btdwmCkJVv7HuWDPt48znoRpKr8YyS+oh1v/9GIQY/I+ms1fZ6SM
/qyo6Mh3LMPWRn7SqyB+
=1sAf
-----END PGP SIGNATURE-----

More information about the distro-pkg-dev mailing list