Bug 7259 - requesting icedtea-web update
Summary: requesting icedtea-web update
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 2
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: D Morgan
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-08-30 18:24 CEST by Thomas Andrews
Modified: 2012-09-07 15:11 CEST (History)
2 users (show)

See Also:
Source RPM: icedtea-web
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thomas Andrews 2012-08-30 18:24:02 CEST 
According to http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020083.html a new icedtea-web has just been released that, among other things, addresses the zero-day problem that was announced just this week.
Manuel Hiebel 2012-08-30 21:24:43 CEST

Component: New RPM package request => Security
Assignee: bugsquad => dmorganec
Source RPM: (none) => icedtea-web

William Kenney 2012-08-31 04:59:26 CEST

CC: (none) => wilcal.int

Comment 1 David Walser 2012-09-07 15:11:58 CEST 
That is not icedtea-web, it is IcedTea (part of java-1.7.0-openjdk).

Your Java plugin is not vulnerable to the zero day, because icedtea-web in Mageia 2 is using java-1.6.0-openjdk, which is not affected.

Only standalone Java programs executed manually could exploit this vulnerability on Mageia 2.  A fix for java-1.7.0-openjdk is already pending.  See Bug 7278.

Status: NEW => RESOLVED
CC: (none) => luigiwalser
Resolution: (none) => INVALID
Note You need to log in before you can comment on or make changes to this bug.