Bug 840572 (CVE-2013-4349) - VUL-0: CVE-2013-4349: icedtea-web 1.4.1 released
Summary: VUL-0: CVE-2013-4349: icedtea-web 1.4.1 released
Status: RESOLVED FIXED
Alias: CVE-2013-4349
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Critical
Target Milestone: ---
Deadline: 2013-09-26
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp3:54505
Keywords:
Depends on:
Blocks:
 
Reported: 2013-09-16 13:05 UTC by Michal Vyskocil
Modified: 2013-10-04 08:14 UTC

See Also:
Found By: DeveloperNet
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Michal Vyskocil 2013-09-16 13:05:11 UTC
Already public

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024691.html


New in release 1.4.1 (2013-XX-YY):
* Improved and cleaned Temporary internet files panel
* NetX
  - PR1465 - java.io.FileNotFoundException while trying to download a JAR file
  - PR1473 - javaws should not depend on name of local file
* Plugin
  - PR854: Resizing an applet several times causes 100% CPU load
* Security Updates
  - CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet

+ reproducers tests are enabled in dist-tarball
+ application context support for OpenJDK build 25 and higher
+ small patches into rhino support and
+ PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties
  - which are backports and are not in news for some reason :)
Comment 1 Swamp Workflow Management 2013-09-16 22:00:30 UTC
bugbot adjusting priority
Comment 2 Alexander Bergmann 2013-09-17 07:55:15 UTC
CVE-2013-4349 was assigned for this issue that was missed in 1.4.
Comment 5 Michal Vyskocil 2013-09-20 13:34:27 UTC
sent to

 * factory: 199857
 * 12.2:    199858
 * 12.3:    199859
Comment 6 Bernhard Wiedemann 2013-09-20 14:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (840572) was mentioned in
https://build.opensuse.org/request/show/199857 Factory / icedtea-web
https://build.opensuse.org/request/show/199858 12.2 / icedtea-web
https://build.opensuse.org/request/show/199859 12.3 / icedtea-web
Comment 11 Bernhard Wiedemann 2013-09-24 12:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (840572) was mentioned in
https://build.opensuse.org/request/show/200361 Evergreen:11.2:Test / icedtea-web
Comment 13 Swamp Workflow Management 2013-09-24 15:26:05 UTC
The SWAMPID for this issue is 54503.
This issue was rated as critical.
Please submit fixed packages by 2013-09-26.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 14 Swamp Workflow Management 2013-09-30 16:04:20 UTC
openSUSE-SU-2013:1509-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 840572
CVE References: CVE-2012-4540,CVE-2013-4349
Sources used:
openSUSE 12.3 (src):    icedtea-web-1.4.1-4.22.1
openSUSE 12.2 (src):    icedtea-web-1.4.1-1.25.1
Comment 15 Bernhard Wiedemann 2013-09-30 17:00:39 UTC
This is an autogenerated message for OBS integration:
This bug (840572) was mentioned in
https://build.opensuse.org/request/show/201511 Evergreen:11.2 / icedtea-web
Comment 16 Swamp Workflow Management 2013-09-30 17:04:19 UTC
openSUSE-SU-2013:1511-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 840572
CVE References: CVE-2012-4540,CVE-2013-4349
Sources used:
openSUSE 11.4 (src):    icedtea-web-1.4.1-38.2
Comment 17 Marcus Meissner 2013-10-02 14:21:45 UTC
released
Comment 18 Swamp Workflow Management 2013-10-02 16:47:50 UTC
Update released for: icedtea-web, icedtea-web-debuginfo, icedtea-web-debugsource, icedtea-web-javadoc
Products:
SLE-DEBUGINFO 11-SP2 (i386, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
Comment 19 Swamp Workflow Management 2013-10-02 16:48:41 UTC
Update released for: icedtea-web, icedtea-web-debuginfo, icedtea-web-debugsource, icedtea-web-javadoc
Products:
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)