Oracle Java SE 7 Update 11 resolves CVE-2012-3174, an unknown flaw that allows for remote arbitrary code execution, related to CVE-2013-0422 (bug 894172).

External Reference:
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
Created java-1.7.0-openjdk tracking bugs for this issue

Affects: fedora-all [bug 895035]
Related commits in upstream OpenJDK7 repositories:

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/ecc14534318c
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/d9969a953f69
This issue has been addressed in the following products:

Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2013:0156 https://rhn.redhat.com/errata/RHSA-2013-0156.html
I'm not sure which of the two CVEs this is referring to, but this could be pertinent to OpenJDK where we can actually change code: http://immunityproducts.blogspot.com.ar/2013/01/confirmed-java-only-fixed-one-of-two.html
(In reply to comment #8)
> I'm not sure which of the two CVEs this is referring to

The post should be related to CVE-2013-0422, see bug 894172, comment 27.
Patches integrated in upstream IcedTea versions 2.1.4, 2.2.4 and 2.3.4: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-January/021413.html
This issue has been addressed in the following products:

Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5

Via RHSA-2013:0165 https://rhn.redhat.com/errata/RHSA-2013-0165.html
This issue has been addressed in the following products:

Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2013:0626 https://rhn.redhat.com/errata/RHSA-2013-0626.html