* SECURITY UPDATE: uninitialized pointer use flaw
- debian/patches/icedtea-web-CVE-2012-3422.patch: check for empty
instance_to_id_map hash and return error if so.
- CVE-2012-3422
* SECURITY UPDATE: incorrect handling of non NULL terminated strings
- debian/patches/icedtea-web-CVE-2012-3423.patch: ensure NPVariant
NPStrings are NULL terminated.
- CVE-2012-3423
* debian/control, debian/control.common: add replaces on icedtea-net
and icedtea-6-plugin for conflicting files in older releases,
caused by icedtea-web security pocket backport to those releases
in conjunction with openjdk-6 security backport (LP: #1024708)
-- Steve Beattie <email address hidden> Fri, 27 Jul 2012 23:14:25 -0700
This bug was fixed in the package icedtea-web - 1.2-2ubuntu1.1
---------------
icedtea-web (1.2-2ubuntu1.1) precise-security; urgency=low
* SECURITY UPDATE: uninitialized pointer use flaw patches/ icedtea- web-CVE- 2012-3422. patch: check for empty to_id_map hash and return error if so. patches/ icedtea- web-CVE- 2012-3423. patch: ensure NPVariant control. common: add replaces on icedtea-net
- debian/
instance_
- CVE-2012-3422
* SECURITY UPDATE: incorrect handling of non NULL terminated strings
- debian/
NPStrings are NULL terminated.
- CVE-2012-3423
* debian/control, debian/
and icedtea-6-plugin for conflicting files in older releases,
caused by icedtea-web security pocket backport to those releases
in conjunction with openjdk-6 security backport (LP: #1024708)
-- Steve Beattie <email address hidden> Fri, 27 Jul 2012 23:14:25 -0700