Sicherheit: Pufferüberlauf in icedtea-web
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in icedtea-web
ID: FEDORA-2013-17026
Distribution: Fedora
Plattformen: Fedora 19
Datum: Sa, 21. September 2013, 22:16
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4540
Applikationen: icedtea-web


Name        : icedtea-web
Product : Fedora 19
Version : 1.4.1
Release : 0.fc19
URL : http://icedtea.classpath.org/wiki/IcedTea-Web
Summary : Additional Java components for OpenJDK - Java browser plug-in and
Web Start implementation
Description :
The IcedTea-Web project provides a Java web browser plugin, an implementation
of Java Web Start (originally based on the Netx project) and a settings tool to
manage deployment settings for the aforementioned plugin and Web Start

Update Information:

Updated to icedtea-web 1.4.1
New in release 1.4.1 (2013-XX-YY):
* Improved and cleaned Temporary internet files panel
* PR1465 - java.io.FileNotFoundException while trying to download a JAR file
* PR1473 - javaws should not depend on name of local file
* PR854: Resizing an applet several times causes 100% CPU load
* CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event
attached to applet
* reproducers tests are enabled in dist-tarball
* application context support for OpenJDK build 25 and higher
* small patches into rhino support and
* PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other
* add icedtea-web man page
* make check enabled again
* should be build for non-standart archs
* removed unused multilib arches

* Tue Sep 17 2013 Jiri Vanek <jvanek@redhat.com> 1.4.1-0
- updated to 1.4.1
- add icedtea-web man page
- removed upstreamed patch1 b25-appContextFix.patch
- removed upstreamed patch2 rhino-pac-permissions.patch
- make check enabled again
- should be build for non-standart archs !-)
- removed unused multilib arches (yupii!)
* Tue Jul 23 2013 Omair Majid <jvanek@redhat.com> 1.4.0-3
- Added upstream fix for RH982558

[ 1 ] Bug #1007960 - CVE-2013-4349 icedtea-web: CVE-2012-4540 issue not fixed
in 1.4

This update can be installed with the "yum" update program. Use
su -c 'yum update icedtea-web' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Traut euch!
Neue Nachrichten