Your message dated Tue, 01 Oct 2013 22:48:51 +0000
with message-id <e1vr8kn-0003as...@franck.debian.org>
and subject line Bug#723118: fixed in icedtea-web 1.4-3.1
has caused the Debian Bug report #723118,
regarding icedtea-web: CVE-2013-4349: patch for CVE-2012-4540 not applied to 1.4 branch
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
723118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723118
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: icedtea-web
Version: 1.4-3~deb7u1
Severity: grave
Tags: security upstream patch fixed-upstream
Control: found -1 1.4-3
Hi
the following vulnerability was published for icedtea-web.
CVE-2013-4349[0]:
IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow
This previously was already fixed in 1.1, 1.2, and 1.3 IcedTea-Web
branches (this was CVE-2012-4540). But this did not get applied to
head at that time.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-4349
[1] http://icedtea.classpath.org/hg/release/icedtea-web-1.4/rev/82e007d8b05a
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: icedtea-web
Source-Version: 1.4-3.1
We believe that the bug you reported is fixed in the latest version of
icedtea-web, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 723...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated icedtea-web package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 28 Sep 2013 10:00:03 +0200
Source: icedtea-web
Binary: icedtea-netx icedtea-plugin icedtea-netx-common icedtea-6-plugin icedtea-7-plugin
Architecture: source amd64 all
Version: 1.4-3.1
Distribution: unstable
Urgency: low
Maintainer: OpenJDK Team <open...@lists.launchpad.net>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
icedtea-6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
icedtea-7-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
icedtea-netx - NetX - implementation of the Java Network Launching Protocol (JNL
icedtea-netx-common - NetX - implementation of the Java Network Launching Protocol (JNL
icedtea-plugin - web browser plugin to execute Java applets (dependency package)
Closes: 723118
Changes:
icedtea-web (1.4-3.1) unstable; urgency=low
.
* Non-maintainer upload.
* Add CVE-2013-4349.diff patch.
CVE-2013-4349: Fix IcedTeaScriptableJavaObject::invoke off-by-one
heap-based buffer overflow after triggering event attached to applets.
(Closes: #723118)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---