Site Navigation:
security java-1.7.0-openjdk-1.7.0.19-2.3.9.1.fc19 security update
Status:obsolete
Release: Fedora 19
Update ID: FEDORA-2013-5861
Builds: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.fc19 (logs)
Pushed: False
Date Submitted: 2013-04-17 08:28:45
Date Released: 2013-04-17 16:06:21
Submitter: jvanek
Karma: 0
Stable karma: 2
Unstable karma: -2
Details
- updated to updated IcedTea  2.3.9 with fix to one of security fixes
  -  fixed font glyph offset
WARNING     - this build have not yet updated not-hotspot (arm...)builds!
- added client to ghosted classes.jsa
- updated to IcedTea  2.3.9 with latest security patches
  - 920245 CVE-2013-0401 OpenJDK: unspecified sandbox bypass (CanSecWest 2013, AWT)
  - 920247 CVE-2013-1488 OpenJDK: unspecified sanbox bypass (CanSecWest 2013, Libraries)
  - 952387 CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040)
  - 952389 CVE-2013-2415 OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542)
  - 952398 CVE-2013-2423 OpenJDK: incorrect setter access checks in MethodHandles (Hostspot, 8009677)
  - 952509 CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)
  - 952521 CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
  - 952524 CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)
  - 952550 CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type checks (Libraries, 8009049)
  - 952638 CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
  - 952640 CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)
  - 952642 CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)
  - 952645 CVE-2013-2431 OpenJDK: Hotspot intrinsic frames vulnerability (Hotspot, 8004336)
  - 952646 CVE-2013-1518 OpenJDK: JAXP missing security restrictions (JAXP, 6657673)
  - 952648 CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
  - 952649 CVE-2013-2421 OpenJDK: Hotspot MethodHandle lookup error (Hotspot, 8009699)
  - 952653 CVE-2013-2426 OpenJDK: ConcurrentHashMap incorrectly calls defaultReadObject() method (Libraries, 8009063)
  - 952656 CVE-2013-2419 OpenJDK: font processing errors (2D, 8001031)
  - 952657 CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)
  - 952708 CVE-2013-2383 OpenJDK: font layout and glyph table errors (2D, 8004986)
  - 952709 CVE-2013-2384 OpenJDK: font layout and glyph table errors (2D, 8004987)
  - 952711 CVE-2013-1569 OpenJDK: font layout and glyph table errors (2D, 8004994)
- buildver sync to b19
- rewritten java-1.7.0-openjdk-java-access-bridge-security.patch
- fixed priority (one zero deleted)
- unapplied patch2
- added patch107 abrt_friendly_hs_log_jdk7.patch
- removed patch2 java-1.7.0-openjdk-java-access-bridge-idlj.patch
- removed redundant rm of classes.jsa, ghost is handling it correctly
Feedback
bodhi - 2013-04-17 08:28:48
This update has been submitted for testing by jvanek.
autoqa - 2013-04-17 08:54:39
AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/qzwk (results are informative only)
autoqa - 2013-04-17 10:03:22
AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/r033 (results are informative only)
bodhi - 2013-04-17 13:28:37
This update is currently being pushed to the Fedora 19 testing updates repository.
bodhi - 2013-04-17 16:23:05
This update has been pushed to testing
pbrobinson (proventesters) - 2013-04-17 19:03:03
FTBFS on ARM
adomurad - 2013-04-17 20:04:50
Looks good to me.
jerboaa - 2013-04-18 09:29:02
There seems to be a problem with using tomcat. Looks like it's related to jre/lib/ext/java-atk-wrapper.jar
omajid - 2013-04-18 15:39:13
looks good here.
bodhi - 2013-04-20 22:07:03
This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2013-04-21 19:25:52
This update has been obsoleted by https://admin.fedoraproject.org/updates/java-1.7.0-openjdk-1.7.0.19-2.3.9.3.fc19

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters