On Sun, Jan 13, 2013 at 05:30:31PM +0100, Landry Breuil wrote:
> On Sat, Jan 12, 2013 at 04:56:15PM -0600, Ed Ahlsen-Girard wrote:
> > Do these:
> >
> >
> > Vulnerability Note VU#625617
> >
> > Alert (TA13-010A)
> >
> > apply to the IcedTea in packages?
> >
> No fu****g idea, when in doubt consider yes. There's no related commit
> in their hg tree. Java sucks, news at 11.

After a bit more digging:
https://bugzilla.redhat.com/show_bug.cgi?id=894172

So it seems our icedtea-web was vulnerable because we build it with
jdk 1.7 (redhat builds it with openjdk 6) - but kurt@ has just committed
an update to a jdk 1.7 with a fix for the CVE:
http://marc.info/?l=openbsd-ports-cvs&m=135854826231558&w=2

So I think we should be good now.

Landry