IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!
Deepak Bhole
dbhole at redhat.com
Wed Nov 7 10:16:00 PST 2012
A potential heap buffer overflow issue has been found and fixed in
IcedTea-Web. It is recommended that all IcedTea-Web users update to this
new version.
We would like to thank Arthur Gerkis for reporting this issue.
The fixed issue is:
RH869040, CVE-2012-4540: Heap-based buffer overflow after triggering event attached to applet
Other fixes are listed in the NEWS files:
1.1.7 NEWS file [http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS]
1.2.2 NEWS file [http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/2d21b045ef60/NEWS]
1.3.1 NEWS file [http://icedtea.classpath.org/hg/release/icedtea-web-1.3/file/085acbc2a34c/NEWS]
Please note that this will be the last 1.1.x release as we are not aware
of any distribution currently using 1.1.
The following people helped with these releases:
Adam Domurad
Omair Majid
Saad Mohammad
Jiri Vanek
Checksums:
709ef1880e259d0d0661d57323448e03524153fe3ade21366d55aff5a49608bb icedtea-web-1.1.7.tar.gz
e9e3c3dc413b01b965c0fc7fdc73d89683ffe1422ca7fd218c98debab9bdb675 icedtea-web-1.2.2.tar.gz
20c7fd1eef6c79cbc6478bb01236a3eb2f0af6184eaed24baca59a3c37eafb56 icedtea-web-1.3.1.tar.gz
Download links:
http://icedtea.classpath.org/download/source/icedtea-web-1.1.7.tar.gz
http://icedtea.classpath.org/download/source/icedtea-web-1.2.2.tar.gz
http://icedtea.classpath.org/download/source/icedtea-web-1.3.1.tar.gz
After extracting, it can be built as per instructions here:
http://icedtea.classpath.org/wiki/IcedTea-Web#Building_IcedTea-Web
Cheers,
Deepak