Bug 1007960 (CVE-2013-4349)
Summary: | CVE-2013-4349 icedtea-web: CVE-2012-4540 issue not fixed in 1.4 | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | dbhole, jkurik, jvanek, mjc, omajid, pfrields, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | icedtea-web 1.4.1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-11-04 13:36:13 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1007962, 1008511, 1009820 | ||
Bug Blocks: | 1007974 |
Description
Tomas Hoger
2013-09-13 15:49:50 UTC
Statement: Not vulnerable. This issue did not affect the versions of icedtea-web as shipped with Red Hat Enterprise Linux 6. The CVE-2012-4540 issue was previously corrected via RHSA-2012:1434. Issue is now fixed in 1.4.1 and also corrected in head (for future 1.5 branch): http://icedtea.classpath.org/hg/icedtea-web/rev/dbd98f24eebb http://icedtea.classpath.org/hg/release/icedtea-web-1.4/rev/82e007d8b05a Created icedtea-web tracking bugs for this issue: Affects: fedora-all [bug 1008511] IcedTea-Web 1.4.1 release announcement: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024752.html icedtea-web-1.4.1-0.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. icedtea-web-1.4.1-0.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. icedtea-web-1.4.1-0.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. Note this CVE id was rejected by Mitre. |