815596 – (CVE-2013-1926) VUL-0: icedtea-web: CVE-2013-1926, CVE-2013-1927: bypass same origin policy

Bug 815596 (CVE-2013-1926) - VUL-0: icedtea-web: CVE-2013-1926, CVE-2013-1927: bypass same origin policy

Summary: VUL-0: icedtea-web: CVE-2013-1926, CVE-2013-1927: bypass same origin policy

Status:	RESOLVED FIXED

Alias:	CVE-2013-1926

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Normal
Target Milestone:	---
Deadline:	2013-05-02
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp2:52173 maint:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-04-17 08:32 UTC by Sebastian Krahmer
Modified:	2015-02-18 22:32 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 1 Sebastian Krahmer 2013-04-17 08:32:28 UTC

Apparently EMBARGOED until tomorrow.

Comment 2 Sebastian Krahmer 2013-04-17 11:18:29 UTC

Seems to be released:

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022790.html

Comment 3 Michal Vyskocil 2013-04-17 14:36:45 UTC

sent an update to all maintained products

Comment 4 Bernhard Wiedemann 2013-04-17 15:00:08 UTC

This is an autogenerated message for OBS integration:
This bug (815596) was mentioned in
https://build.opensuse.org/request/show/171296 Factory / icedtea-web
https://build.opensuse.org/request/show/171297 Maintenance / 
https://build.opensuse.org/request/show/171298 Factory / icedtea-web
https://build.opensuse.org/request/show/171299 Maintenance / 
https://build.opensuse.org/request/show/171300 Maintenance / 
https://build.opensuse.org/request/show/171303 Maintenance /

Comment 6 Bernhard Wiedemann 2013-04-18 10:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (815596) was mentioned in
https://build.opensuse.org/request/show/171375 Factory / icedtea-web

Comment 7 Swamp Workflow Management 2013-04-18 13:02:46 UTC

The SWAMPID for this issue is 52165.
This issue was rated as moderate.
Please submit fixed packages until 2013-05-02.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 8 Bernhard Wiedemann 2013-04-23 17:00:52 UTC

This is an autogenerated message for OBS integration:
This bug (815596) was mentioned in
https://build.opensuse.org/request/show/173079 Maintenance / 
https://build.opensuse.org/request/show/173083 Evergreen:11.2 / icedtea-web

Comment 9 Swamp Workflow Management 2013-04-26 14:04:52 UTC

openSUSE-SU-2013:0715-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 815596
CVE References: CVE-2013-1926,CVE-2013-1927
Sources used:
openSUSE 12.2 (src):    icedtea-web-1.3.2-1.13.1

Comment 10 Swamp Workflow Management 2013-04-27 01:41:54 UTC

Update released for: icedtea-web, icedtea-web-debuginfo, icedtea-web-debugsource, icedtea-web-javadoc
Products:
SLE-DEBUGINFO 11-SP2 (i386, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)

Comment 11 Sebastian Krahmer 2013-04-29 08:33:38 UTC

released

Comment 13 Swamp Workflow Management 2013-05-02 08:06:24 UTC

openSUSE-SU-2013:0735-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 815596
CVE References: CVE-2013-1926,CVE-2013-1927
Sources used:
openSUSE 12.1 (src):    icedtea-web-1.3.2-22.1

Comment 14 Swamp Workflow Management 2013-06-10 09:13:12 UTC

openSUSE-SU-2013:0897-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 815596
CVE References: CVE-2013-1926,CVE-2013-1927
Sources used:
openSUSE 12.3 (src):    icedtea-web-1.3.2-4.5.1

Comment 15 Swamp Workflow Management 2013-06-10 10:12:28 UTC

openSUSE-SU-2013:0941-1: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 815596
CVE References: CVE-2013-1926,CVE-2013-1927
Sources used:
openSUSE 11.4 (src):    icedtea-web-1.3.2-30.1

Comment 16 Swamp Workflow Management 2013-07-10 13:54:32 UTC

Update released for: icedtea-web, icedtea-web-debuginfo, icedtea-web-debugsource, icedtea-web-javadoc
Products:
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)