openjdk team mailing list archive
Message #09581
Bug#723118: icedtea-web: CVE-2013-4349: patch for CVE-2012-4540 not applied to 1.4 branch
Package: icedtea-web
Version: 1.4-3~deb7u1
Severity: grave
Tags: security upstream patch fixed-upstream
Control: found -1 1.4-3

Hi

the following vulnerability was published for icedtea-web.

CVE-2013-4349[0]:
IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow

This previously was already fixed in 1.1, 1.2, and 1.3 IcedTea-Web
branches (this was CVE-2012-4540). But this did not get applied to
head at that time.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-4349
[1] http://icedtea.classpath.org/hg/release/icedtea-web-1.4/rev/82e007d8b05a

Regards,
Salvatore