Comment 18 for bug 1025553

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icedtea-web - 1.2-2ubuntu3

---------------
icedtea-web (1.2-2ubuntu3) quantal; urgency=low

  * SECURITY UPDATE: uninitialized pointer use flaw
    - debian/patches/icedtea-web-CVE-2012-3422.patch: check for empty
      instance_to_id_map hash and return error if so.
    - CVE-2012-3422
  * SECURITY UPDATE: incorrect handling of non NULL terminated strings
    - debian/patches/icedtea-web-CVE-2012-3423.patch: ensure NPVariant
      NPStrings are NULL terminated.
    - CVE-2012-3423
  * debian/patches/fix-plugin-error-on-chromium.patch: fix plugin
    table initialization to check only that the subset of hooks that
    it uses exists. (LP: #1025553)
 -- Steve Beattie <email address hidden> Fri, 03 Aug 2012 21:10:50 -0700