/hg/release/icedtea-web-1.2: 4 new changesets

dbhole at icedtea.classpath.org dbhole at icedtea.classpath.org
Wed Nov 7 10:04:40 PST 2012


changeset 596a718be03f in /hg/release/icedtea-web-1.2
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.2?cmd=changeset;node=596a718be03f
author: Deepak Bhole <dbhole at redhat.com>
date: Thu Nov 01 11:50:47 2012 -0400

	CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet


changeset 8253e1b5b996 in /hg/release/icedtea-web-1.2
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.2?cmd=changeset;node=8253e1b5b996
author: Deepak Bhole <dbhole at redhat.com>
date: Thu Nov 01 12:26:08 2012 -0400

	Prepare for 1.2.2


changeset 2d21b045ef60 in /hg/release/icedtea-web-1.2
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.2?cmd=changeset;node=2d21b045ef60
author: Deepak Bhole <dbhole at redhat.com>
date: Thu Nov 01 12:26:18 2012 -0400

	Added tag icedtea-web-1.2.2 for changeset 8253e1b5b996


changeset 382db02cb655 in /hg/release/icedtea-web-1.2
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.2?cmd=changeset;node=382db02cb655
author: Deepak Bhole <dbhole at redhat.com>
date: Thu Nov 01 12:27:21 2012 -0400

	Prepare for 1.2.3


diffstat:

 .hgtags                                           |   1 +
 ChangeLog                                         |  17 +++++++++++++++++
 NEWS                                              |   6 +++++-
 configure.ac                                      |   2 +-
 plugin/icedteanp/IcedTeaScriptablePluginObject.cc |  18 +++---------------
 5 files changed, 27 insertions(+), 17 deletions(-)

diffs (99 lines):

diff -r f6cdd8639a8d -r 382db02cb655 .hgtags
--- a/.hgtags	Tue Aug 07 10:59:11 2012 -0400
+++ b/.hgtags	Thu Nov 01 12:27:21 2012 -0400
@@ -2,3 +2,4 @@
 b605505179459c9f2119e4dfde999fc6300e4c87 icedtea-web-1.1-branchpoint
 58c02a3ace5dd11edc900d869b7c69186c54101d icedtea-web-1.2
 fae550dbc8843d997d6180b1ba4d25b3dd831ac9 icedtea-web-1.2.1
+8253e1b5b9965b9a90b98a5a5e5c7067498cd0f3 icedtea-web-1.2.2
diff -r f6cdd8639a8d -r 382db02cb655 ChangeLog
--- a/ChangeLog	Tue Aug 07 10:59:11 2012 -0400
+++ b/ChangeLog	Thu Nov 01 12:27:21 2012 -0400
@@ -1,3 +1,20 @@
+2012-11-01  Deepak Bhole <dbhole at redhat.com>
+
+	* configure.ac: Prepare for 1.2.3
+	* NEWS: Same
+
+2012-11-01  Deepak Bhole <dbhole at redhat.com>
+
+	* configure.ac: Prepare for 1.2.2
+	* NEWS: Same
+
+2012-11-01  Deepak Bhole <dbhole at redhat.com>
+
+	CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event
+	attached to applet
+	* plugin/icedteanp/IcedTeaScriptablePluginObject.cc: Removed unnecessary
+	heap allocations.
+
 2012-08-07  Adam Domurad  <adomurad at redhat.com>
 
 	Fixes PR1106, plugin crashing with firefox + archlinux/gentoo
diff -r f6cdd8639a8d -r 382db02cb655 NEWS
--- a/NEWS	Tue Aug 07 10:59:11 2012 -0400
+++ b/NEWS	Thu Nov 01 12:27:21 2012 -0400
@@ -8,7 +8,11 @@
 
 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
-New in release 1.2.2 (2012-XX-XX):
+New in release 1.2.3 (2012-XX-XX):
+
+New in release 1.2.2 (2012-11-07):
+* Security Updates
+  - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet
 * Plugin
   - PR1106: Buffer overflow in plugin table
 
diff -r f6cdd8639a8d -r 382db02cb655 configure.ac
--- a/configure.ac	Tue Aug 07 10:59:11 2012 -0400
+++ b/configure.ac	Thu Nov 01 12:27:21 2012 -0400
@@ -1,4 +1,4 @@
-AC_INIT([icedtea-web],[1.2.2pre],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
+AC_INIT([icedtea-web],[1.2.3pre],[distro-pkg-dev at openjdk.java.net], [icedtea-web], [http://icedtea.classpath.org/wiki/IcedTea-Web])
 AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
 AC_CONFIG_FILES([Makefile netx.manifest])
 
diff -r f6cdd8639a8d -r 382db02cb655 plugin/icedteanp/IcedTeaScriptablePluginObject.cc
--- a/plugin/icedteanp/IcedTeaScriptablePluginObject.cc	Tue Aug 07 10:59:11 2012 -0400
+++ b/plugin/icedteanp/IcedTeaScriptablePluginObject.cc	Thu Nov 01 12:27:21 2012 -0400
@@ -591,10 +591,7 @@
 
     if (java_result->error_occurred)
     {
-        // error message must be allocated on heap
-        char* error_msg = (char*) malloc(java_result->error_msg->length()*sizeof(char));
-        strcpy(error_msg, java_result->error_msg->c_str());
-        browser_functions.setexception(npobj, error_msg);
+        browser_functions.setexception(npobj, java_result->error_msg->c_str());
         return false;
     }
 
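Review bot: The new `browser_functions.setexception(npobj, java_result->error_msg->c_str());` passes the browser a pointer into a string owned by `java_result`, and nothing at the call site says why that is safe now that the "must be allocated on heap" comment is gone. It is presumably safe because the browser copies the message during the call, but that should be confirmed against the NPAPI contract and recorded, for example `// setexception() copies the message, so no heap copy is needed (CVE-2012-4540)`. The removed code sized its buffer with `length()` and left no room for the terminating NUL before `strcpy`, which appears to be the overflow being fixed; a comment would discourage reintroducing a hand-sized copy. The hunk at -871 makes the same call and wants the same comment. `java_result->error_msg` is also dereferenced with no null check visible here, though the enclosing function starts and ends outside the hunk, so a guarantee may exist there.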
@@ -853,11 +850,7 @@
         createJavaObjectFromVariant(instance, args[i], &id);
         if (id == "0")
         {
-            // error message must be allocated on heap
-            char* error_msg = (char*) malloc(1024*sizeof(char));
-            strcpy(error_msg, "Unable to create argument on Java side");
-
-            browser_functions.setexception(npobj, error_msg);
+            browser_functions.setexception(npobj, "Unable to create argument on Java side");
             return false;
         }
 
@@ -871,12 +864,7 @@
 
     if (java_result->error_occurred)
     {
-        // error message must be allocated on heap
-        int length = java_result->error_msg->length();
-        char* error_msg = (char*) malloc((length+1)*sizeof(char));
-        strcpy(error_msg, java_result->error_msg->c_str());
-
-        browser_functions.setexception(npobj, error_msg);
+        browser_functions.setexception(npobj, java_result->error_msg->c_str());
         return false;
     }
 


