Ubuntu
icedtea-web package

  1. Bug #1024708
  2. Comment #2

Comment 2 for bug 1024708

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icedtea-web - 1.2-2ubuntu1.1

---------------
icedtea-web (1.2-2ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: uninitialized pointer use flaw
    - debian/patches/icedtea-web-CVE-2012-3422.patch: check for empty
      instance_to_id_map hash and return error if so.
    - CVE-2012-3422
  * SECURITY UPDATE: incorrect handling of non NULL terminated strings
    - debian/patches/icedtea-web-CVE-2012-3423.patch: ensure NPVariant
      NPStrings are NULL terminated.
    - CVE-2012-3423
  * debian/control, debian/control.common: add replaces on icedtea-net
    and icedtea-6-plugin for conflicting files in older releases,
    caused by icedtea-web security pocket backport to those releases
    in conjunction with openjdk-6 security backport (LP: #1024708)
 -- Steve Beattie <email address hidden> Fri, 27 Jul 2012 23:14:25 -0700