Bugzilla – Bug 846177
VUL-0: CVE-2013-3829: Oracle (binary) JRE tracker 1.7.0 and older: Oracle CPU 2013 October
Last modified: 2019-08-16 16:43:56 UTC
CVE-2013-3829 java.util.TimeZone does not properly restrict changing the time zone to the default time zone. An untrusted Java application or applet could exploit this to change the default time zone of their application contexts. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3829 https://bugzilla.redhat.com/show_bug.cgi?id=1019133 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
release note for the jdk release update (7u45) http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html#newft
lets use this as a tracker bug for Oracle Java SE October 2013 update http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html#AppendixJAVA CVE-2013-5782 CVE-2013-5830 CVE-2013-5809 CVE-2013-5829 CVE-2013-5814 CVE-2013-5824 CVE-2013-5788 CVE-2013-5787 CVE-2013-5789 CVE-2013-5817 CVE-2013-5842 CVE-2013-5843 CVE-2013-5832 CVE-2013-5850 CVE-2013-5838 CVE-2013-5805 CVE-2013-5806 CVE-2013-5846 CVE-2013-5810 CVE-2013-5844 CVE-2013-5777 CVE-2013-5852 CVE-2013-5802 CVE-2013-5775 CVE-2013-5804 CVE-2013-5812 CVE-2013-3829 CVE-2013-5783 CVE-2013-5825 CVE-2013-4002 CVE-2013-5823 CVE-2013-5778 CVE-2013-5801 CVE-2013-5776 CVE-2013-5818 CVE-2013-5819 CVE-2013-5831 CVE-2013-5820 CVE-2013-5851 CVE-2013-5840 CVE-2013-5774 CVE-2013-5848 CVE-2013-5780 CVE-2013-5800 CVE-2013-5849 CVE-2013-5790 CVE-2013-5784 CVE-2013-5797 CVE-2013-5772 CVE-2013-5803 CVE-2013-5854
The SWAMPID for this issue is 54732. This issue was rated as important. Please submit fixed packages until 2013-10-23. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
moving tracker bug back to security-team - openjdk/icedtea and IBM Java will be fixed in their respective reports (once they will be released).
openjdk is tracked in bug 846999. it was opened linking Oracle SE patch.