[Secure-testing-commits] r23848 - data/CVE

Salvatore Bonaccorso carnil at alioth.debian.org
Tue Oct 1 19:19:23 UTC 2013


Author: carnil
Date: 2013-10-01 19:19:23 +0000 (Tue, 01 Oct 2013)
New Revision: 23848

Modified:
   data/CVE/list
Log:
Add fixed version for CVE-2013-4349/icedtea-web

Add the fixed version from deferred queue which will enter the archive
in some hours. Need to rebuild the packages for wheezy (1.4-3.1~deb7u1)
based on 1.4-3.1.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-10-01 16:45:29 UTC (rev 23847)
+++ data/CVE/list	2013-10-01 19:19:23 UTC (rev 23848)
@@ -3582,7 +3582,7 @@
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7
 CVE-2013-4349 [IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow]
 	RESERVED
-	- icedtea-web <unfixed> (bug #723118)
+	- icedtea-web 1.4-3.1 (bug #723118)
 	NOTE: issues CVE-2012-4540 not fixed in 1.4 branch
 	NOTE: Patch: http://icedtea.classpath.org/hg/release/icedtea-web-1.4/rev/82e007d8b05a
 CVE-2013-4348




More information about the Secure-testing-commits mailing list