[Bug 1078424] Re: itweb-settings in icedtea-netx actually depends on openjdk-6

Launchpad Bug Tracker 1078424 at bugs.launchpad.net
Thu Apr 18 21:30:22 UTC 2013 

This bug was fixed in the package icedtea-web - 1.2.3-0ubuntu0.12.04.1

---------------
icedtea-web (1.2.3-0ubuntu0.12.04.1) precise-security; urgency=low

  * IcedTea-Web 1.2.3 release.
  * Security Updates:
    - CVE-2013-1927: fixed gifar vulnerability.
    - CVE-2013-1926: Class-loader incorrectly shared for applets with same
      relative-path.
  * Common:
    - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7.
  * NetX:
    - PR580: http://www.horaoficial.cl/ loads improperly.
  * Plugin:
    - PR1157: Applets can hang browser after fatal exception.

icedtea-web (1.2.2-0ubuntu1) precise-proposed; urgency=low

  * Update to the 1.2.2 bug fix release. LP: #1131479.
    - Includes security fixes uploaded earlier.
    - Bug fixes:
      - PR1106: Buffer overflow in plugin table.
      - PR898: signed applications with big jnlp-file doesn't start (webstart
        affect like "frozen").
      - PR811: javaws is not handling urls with spaces (and other characters
        needing encoding) correctly.
      - S816592: icedtea-web not loading GeoGebra java applets in Firefox
        or Chrome.
      - PR863: Error passing strings to applet methods in Chromium.
      - PR895: IcedTea-Web searches for missing classes on each loadClass
        or findClass.
      - PR518: NPString.utf8characters not guaranteed to be nul-terminated.
      - Disambiguate signed applet security prompt from certificate warning.
  * Search both OpenJDK-6 and OpenJDK-7 when starting itweb-settings.
    LP: #1078424.
 -- Matthias Klose <doko at ubuntu.com>   Wed, 17 Apr 2013 01:06:18 +0200

** Changed in: icedtea-web (Ubuntu Precise)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1926

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1927

** Changed in: icedtea-web (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-4540

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to icedtea-web in Ubuntu.
https://bugs.launchpad.net/bugs/1078424

Title:
  itweb-settings in icedtea-netx actually depends on openjdk-6

Status in “icedtea-web” package in Ubuntu:
  Fix Released
Status in “icedtea-web” source package in Precise:
  Fix Released

Bug description:
  Package: icedtea-netx
  …
  Version: 1.2-2ubuntu1.3
  …
  Depends: … openjdk-6-jre (>= 6b23~pre10~) | openjdk-7-jre …

  so it is either openjdk-6 or -7, but /usr/bin/itweb-settings looks like:
  ========================================
  #!/bin/sh
  JAVA=/usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java
  …
  ========================================

  Replacing this with
  ========================================
  #!/bin/sh
  for V in 6 7; do
    J=/usr/lib/jvm/java-$V-openjdk-amd64/jre/bin/java
    if test -x $J; then
      JAVA=$J
      break
    fi
  done
  test -n "$JAVA" || exit 1
  …
  ========================================
  makes the control panel compatible with both major openjdk versions, as specified in Depends.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/icedtea-web/+bug/1078424/+subscriptions

More information about the foundations-bugs mailing list