[Security][PATCH]: IcedTea-Web 1.1.6 and 1.2.1 released!
Adam Domurad
adomurad at redhat.com
Thu Aug 2 06:18:41 PDT 2012
On Thu, 2012-08-02 at 11:28 +0200, Michal Vyskocil wrote:
> On Tue, Jul 31, 2012 at 02:31:54PM -0400, Deepak Bhole wrote:
> > Hi Everyone,
> >
> > IcedTea-Web 1.1.6 and 1.2.1 have now been released. In addition to bug fixes,
> > they include 2 security fixes and it is therefore recommended that everyone
> > upgrade to this release. The security issues fixed are:
> >
> > RH840592, CVE-2012-3422: Use of uninitialized instance pointers
> > RH841345, CVE-2012-3423: Incorrect handling of non 0-terminated strings
> >
> > Other fixes are listed in the NEWS files:
> > 1.1.6 - http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/5116ebb94452/NEWS
> > 1.2.1 - http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/afba9cb10cce/NEWS
>
> It does not build for older xulrunner, because of a typo, attaching
> simple patch
>
> Regards
> Michal Vyskocil
Thanks for noticing this. This was fixed in the 1.3/ branch but I must
have backported it incorrectly ... I pushed the fix to 1.1/1.2 HEAD.
- Adam
More information about the distro-pkg-dev
mailing list