Bug 7259

Summary: requesting icedtea-web update
Product: Mageia Reporter: Thomas Andrews <andrewsfarm>
Component: SecurityAssignee: D Morgan <dmorganec>
Status: RESOLVED INVALID QA Contact:
Severity: normal    
Priority: Normal CC: luigiwalser, wilcal.int
Version: 2   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: icedtea-web CVE:
Status comment:

Description Thomas Andrews 2012-08-30 18:24:02 CEST 
According to http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020083.html a new icedtea-web has just been released that, among other things, addresses the zero-day problem that was announced just this week.
Manuel Hiebel 2012-08-30 21:24:43 CEST

Component: New RPM package request => Security
Assignee: bugsquad => dmorganec
Source RPM: (none) => icedtea-web

William Kenney 2012-08-31 04:59:26 CEST

CC: (none) => wilcal.int

Comment 1 David Walser 2012-09-07 15:11:58 CEST 
That is not icedtea-web, it is IcedTea (part of java-1.7.0-openjdk).

Your Java plugin is not vulnerable to the zero day, because icedtea-web in Mageia 2 is using java-1.6.0-openjdk, which is not affected.

Only standalone Java programs executed manually could exploit this vulnerability on Mageia 2.  A fix for java-1.7.0-openjdk is already pending.  See Bug 7278.

Status: NEW => RESOLVED
CC: (none) => luigiwalser
Resolution: (none) => INVALID