LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

A perf ABI fix

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2013-17016 (icedtea-web)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 18 Update: icedtea-web-1.4.1-0.fc18 


Date:
    	      Fri, 04 Oct 2013 01:58:51 +0000


Message-ID:
    	      <20131004015851.9DB5F21CA4@bastion01.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-17016
2013-09-18 11:40:36
--------------------------------------------------------------------------------

Name        : icedtea-web
Product     : Fedora 18
Version     : 1.4.1
Release     : 0.fc18
URL         : http://icedtea.classpath.org/wiki/IcedTea-Web
Summary     : Additional Java components for OpenJDK - Java browser plug-in and Web Start
implementation
Description :
The IcedTea-Web project provides a Java web browser plugin, an implementation
of Java Web Start (originally based on the Netx project) and a settings tool to
manage deployment settings for the aforementioned plugin and Web Start
implementations.

--------------------------------------------------------------------------------
Update Information:

Updated to icedtea-web 1.4.1
New in release 1.4.1 (2013-XX-YY):
* Improved and cleaned Temporary internet files panel
* PR1465 - java.io.FileNotFoundException while trying to download a JAR file
* PR1473 - javaws should not depend on name of local file
* PR854: Resizing an applet several times causes 100% CPU load
* CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet
* reproducers tests are enabled in dist-tarball
* application context support for  OpenJDK build 25 and higher
* small patches into rhino support and
* PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties
* add icedtea-web man page
* make check enabled again
* should be build for non-standart archs
* removed unused multilib arches
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 17 2013 Jiri Vanek <jvanek@redhat.com> 1.4.1-0
- updated to 1.4.1
- add icedtea-web man page
- removed upstreamed  patch1 b25-appContextFix.patch
- should be build for non-standart archs
- make check enabled again
* Wed Jun 19 2013 Jiri Vanek <jvanek@redhat.com> 1.4.0-1
- added patch1 b25-appContextFix.patch to make it run with future openjdk
* Sat May  4 2013 Jiri Vanek <jvanek@redhat.com> 1.4-0
- Updated to 1.4
- See announcement for detail
 - http://mail.openjdk.java.net/pipermail/distro-pkg-dev/201...
- added check
* Wed Apr 17 2013 Jiri Vanek <jvanek@redhat.com> 1.3.2-0
- Updated to latest ustream release of 1.3 branch - 1.3.2
 - Security Updates
  - CVE-2013-1927, RH884705: fixed gifar vulnerability
  - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
 - Common
  - Added new option in itw-settings which allows users to set JVM arguments when plugin is
initialized.
 - NetX
  - PR580: http://www.horaoficial.cl/ loads improperly
 - Plugin
   PR1260: IcedTea-Web should not rely on GTK
   PR1157: Applets can hang browser after fatal exception
- Removed upstreamed patch to remove GTK dependency
  - icedtea-web-pr1260-remove-gtk-dep.patch
* Wed Jan 16 2013 Deepak Bhole <dbhole@redhat.com> 1.3.1-3
- Resolves: rhbz#889644, rhbz#895197
- Added patch to remove GTK dependency
* Thu Dec 20 2012 Jiri Vanek <jvanek@redhat.com> 1.3.1-2
- Moved to be  build with GTK3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1007960 - CVE-2013-4349 icedtea-web: CVE-2012-4540 issue not fixed in 1.4
        https://bugzilla.redhat.com/show_bug.cgi?id=1007960
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update icedtea-web' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds