[ Matthias Klose ]
* IcedTea-Web 1.2.3 release.
* Security Updates:
- CVE-2013-1927: fixed gifar vulnerability.
- CVE-2013-1926: Class-loader incorrectly shared for applets with same
relative-path.
* Common:
- PR1161: X509VariableTrustManager does not work correctly with OpenJDK7.
* NetX:
- PR580: http://www.horaoficial.cl/ loads improperly.
* Plugin:
- PR1157: Applets can hang browser after fatal exception.
[ Jamie Strandboge ]
* debian/rules: generate icedtea-plugin meta package
* debian/icedtea-netx.postinst.in: skip update-alternatives on
openjdk-7 binaries if they don't exist
* Regenerate the control file
* Update to the 1.2.2 bug fix release. LP: #1131479.
- Includes security fixes uploaded earlier.
- Bug fixes:
- PR1106: Buffer overflow in plugin table.
- PR898: signed applications with big jnlp-file doesn't start (webstart
affect like "frozen").
- PR811: javaws is not handling urls with spaces (and other characters
needing encoding) correctly.
- S816592: icedtea-web not loading GeoGebra java applets in Firefox
or Chrome.
- PR863: Error passing strings to applet methods in Chromium.
- PR895: IcedTea-Web searches for missing classes on each loadClass
or findClass.
- PR518: NPString.utf8characters not guaranteed to be nul-terminated.
- Disambiguate signed applet security prompt from certificate warning.
* Search both OpenJDK-6 and OpenJDK-7 when starting itweb-settings.
LP: #1078424.
* SECURITY UPDATE: Fix denial of service in exception handling
- debian/patches/icedtea-web-CVE-2012-4540.patch: adjust off by one in
exception string storage in IcedTeaScriptablePluginObject.cc. Also fix
two memory leaks.
- CVE-2012-4540
* debian/patches/fix-plugin-error-on-chromium.patch: fix plugin
table initialization to check only that the subset of hooks that
it uses exists. (LP: #1025553)
* debian/control, debian/control.common: adjust so that
icedtea-netx-common replaces icedtea-plugin in oneiric
(LP: #1002516)
* SECURITY UPDATE: uninitialized pointer use flaw
- debian/patches/icedtea-web-CVE-2012-3422.patch: check for empty
instance_to_id_map hash and return error if so.
- CVE-2012-3422
* SECURITY UPDATE: incorrect handling of non NULL terminated strings
- debian/patches/icedtea-web-CVE-2012-3423.patch: ensure NPVariant
NPStrings are NULL terminated.
- CVE-2012-3423
* debian/control, debian/control.common: add replaces on icedtea-net
and icedtea-6-plugin for conflicting files in older releases,
caused by icedtea-web security pocket backport to those releases
in conjunction with openjdk-6 security backport (LP: #1024708)
icedtea-web (1.2-2ubuntu1) precise; urgency=low
* Regenerate the control file.
-- Jamie Strandboge <email address hidden> Wed, 17 Apr 2013 17:52:21 -0500
This bug was fixed in the package icedtea-web - 1.2.3-0ubuntu0. 11.10.1
--------------- 0ubuntu0. 11.10.1) oneiric-security; urgency=low
icedtea-web (1.2.3-
[ Matthias Klose ] path. stManager does not work correctly with OpenJDK7. www.horaoficial .cl/ loads improperly.
* IcedTea-Web 1.2.3 release.
* Security Updates:
- CVE-2013-1927: fixed gifar vulnerability.
- CVE-2013-1926: Class-loader incorrectly shared for applets with same
relative-
* Common:
- PR1161: X509VariableTru
* NetX:
- PR580: http://
* Plugin:
- PR1157: Applets can hang browser after fatal exception.
[ Jamie Strandboge ] icedtea- netx.postinst. in: skip update-alternatives on
* debian/rules: generate icedtea-plugin meta package
* debian/
openjdk-7 binaries if they don't exist
* Regenerate the control file
icedtea-web (1.2.2-0ubuntu1) precise-proposed; urgency=low
* Update to the 1.2.2 bug fix release. LP: #1131479. utf8characters not guaranteed to be nul-terminated.
- Includes security fixes uploaded earlier.
- Bug fixes:
- PR1106: Buffer overflow in plugin table.
- PR898: signed applications with big jnlp-file doesn't start (webstart
affect like "frozen").
- PR811: javaws is not handling urls with spaces (and other characters
needing encoding) correctly.
- S816592: icedtea-web not loading GeoGebra java applets in Firefox
or Chrome.
- PR863: Error passing strings to applet methods in Chromium.
- PR895: IcedTea-Web searches for missing classes on each loadClass
or findClass.
- PR518: NPString.
- Disambiguate signed applet security prompt from certificate warning.
* Search both OpenJDK-6 and OpenJDK-7 when starting itweb-settings.
LP: #1078424.
icedtea-web (1.2-2ubuntu1.3) precise-security; urgency=low
* SECURITY UPDATE: Fix denial of service in exception handling patches/ icedtea- web-CVE- 2012-4540. patch: adjust off by one in lePluginObject. cc. Also fix
- debian/
exception string storage in IcedTeaScriptab
two memory leaks.
- CVE-2012-4540
icedtea-web (1.2-2ubuntu1.2) precise-proposed; urgency=low
* debian/ patches/ fix-plugin- error-on- chromium. patch: fix plugin control. common: adjust so that netx-common replaces icedtea-plugin in oneiric
table initialization to check only that the subset of hooks that
it uses exists. (LP: #1025553)
* debian/control, debian/
icedtea-
(LP: #1002516)
icedtea-web (1.2-2ubuntu1.1) precise-security; urgency=low
* SECURITY UPDATE: uninitialized pointer use flaw patches/ icedtea- web-CVE- 2012-3422. patch: check for empty to_id_map hash and return error if so. patches/ icedtea- web-CVE- 2012-3423. patch: ensure NPVariant control. common: add replaces on icedtea-net
- debian/
instance_
- CVE-2012-3422
* SECURITY UPDATE: incorrect handling of non NULL terminated strings
- debian/
NPStrings are NULL terminated.
- CVE-2012-3423
* debian/control, debian/
and icedtea-6-plugin for conflicting files in older releases,
caused by icedtea-web security pocket backport to those releases
in conjunction with openjdk-6 security backport (LP: #1024708)
icedtea-web (1.2-2ubuntu1) precise; urgency=low
* Regenerate the control file.
-- Jamie Strandboge <email address hidden> Wed, 17 Apr 2013 17:52:21 -0500