[Bug 1131479] Re: bring icedtea-web bug fixes from the 1.2.2 bug fix release to precise

Launchpad Bug Tracker 1131479 at bugs.launchpad.net
Thu Apr 18 21:30:30 UTC 2013 

This bug was fixed in the package icedtea-web - 1.2.3-0ubuntu0.10.04.1

---------------
icedtea-web (1.2.3-0ubuntu0.10.04.1) lucid-security; urgency=low

  [ Matthias Klose ]
  * IcedTea-Web 1.2.3 release.
  * Security Updates:
    - CVE-2013-1927: fixed gifar vulnerability.
    - CVE-2013-1926: Class-loader incorrectly shared for applets with same
      relative-path.
  * Common:
    - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7.
  * NetX:
    - PR580: http://www.horaoficial.cl/ loads improperly.
  * Plugin:
    - PR1157: Applets can hang browser after fatal exception.

  [ Jamie Strandboge ]
  * debian/rules: generate icedtea-plugin meta package
  * debian/control.in: update icedtea-netx replace/conflicts to avoid
    javaws conflict with openjdk-6-jre
  * debian/icedtea-netx.postinst.in: skip update-alternatives on
    openjdk-7 binaries if they don't exist
  * Regenerate the control file.

icedtea-web (1.2.2-0ubuntu1) precise-proposed; urgency=low

  * Update to the 1.2.2 bug fix release. LP: #1131479.
    - Includes security fixes uploaded earlier.
    - Bug fixes:
      - PR1106: Buffer overflow in plugin table.
      - PR898: signed applications with big jnlp-file doesn't start (webstart
        affect like "frozen").
      - PR811: javaws is not handling urls with spaces (and other characters
        needing encoding) correctly.
      - S816592: icedtea-web not loading GeoGebra java applets in Firefox
        or Chrome.
      - PR863: Error passing strings to applet methods in Chromium.
      - PR895: IcedTea-Web searches for missing classes on each loadClass
        or findClass.
      - PR518: NPString.utf8characters not guaranteed to be nul-terminated.
      - Disambiguate signed applet security prompt from certificate warning.
  * Search both OpenJDK-6 and OpenJDK-7 when starting itweb-settings.
    LP: #1078424.

icedtea-web (1.2-2ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: Fix denial of service in exception handling
    - debian/patches/icedtea-web-CVE-2012-4540.patch: adjust off by one in
      exception string storage in IcedTeaScriptablePluginObject.cc. Also fix
      two memory leaks.
    - CVE-2012-4540
 -- Jamie Strandboge <jamie at ubuntu.com>   Wed, 17 Apr 2013 17:57:13 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to icedtea-web in Ubuntu.
https://bugs.launchpad.net/bugs/1131479

Title:
  bring icedtea-web bug fixes from the 1.2.2 bug fix release to precise

Status in “icedtea-web” package in Ubuntu:
  Fix Released
Status in “icedtea-web” source package in Precise:
  Fix Released

Bug description:
  The current icedtea-web in precise is a 1.2.1 prerelease, this brings
  bug fixes collected from the 1.2.2 release to precise, including some
  browser crashes.

  icedtea-web (1.2.2-0ubuntu1) precise-proposed; urgency=low

    * Update to the 1.2.2 bug fix release.
      - Includes security fixes uploaded earlier.
      - Bug fixes:
        - PR1106: Buffer overflow in plugin table.
        - PR898: signed applications with big jnlp-file doesn't start (webstart
          affect like "frozen").
        - PR811: javaws is not handling urls with spaces (and other characters
          needing encoding) correctly.
        - S816592: icedtea-web not loading GeoGebra java applets in Firefox
          or Chrome.
        - PR863: Error passing strings to applet methods in Chromium.
        - PR895: IcedTea-Web searches for missing classes on each loadClass
          or findClass.
        - PR518: NPString.utf8characters not guaranteed to be nul-terminated.
        - Disambiguate signed applet security prompt from certificate warning.
    * Search both OpenJDK-6 and OpenJDK-7 when starting itweb-settings.
      LP: #1078424.

  Please find attached a diff without changes to generated files, and
  without the removed patches.

  Removed patches, included in the new subminor versions:
    - debian/patches/fix-plugin-error-on-chromium.patch
    - debian/patches/gcc-option-order.diff (whitespace changes)
    - debian/patches/hg-updates.diff
    - debian/patches/icedtea-web-CVE-2012-3422.patch
    - debian/patches/icedtea-web-CVE-2012-3423.patch
    - debian/patches/icedtea-web-CVE-2012-4540.patch

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/icedtea-web/+bug/1131479/+subscriptions

More information about the foundations-bugs mailing list