icedtea-web: CVE-2015-5234 CVE-2015-5235

Related Vulnerabilities: CVE-2015-5234   CVE-2015-5235  

Debian Bug report logs - #798467
icedtea-web: CVE-2015-5234 CVE-2015-5235


Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Wed, 9 Sep 2015 17:45:06 UTC

Severity: grave

Tags: security

Found in version 1.5-1

Fixed in version icedtea-web/1.6.1-1

Done: Matthias Klose <doko@ubuntu.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, OpenJDK Team <openjdk@lists.launchpad.net>:
Bug#798467; Package icedtea-web. (Wed, 09 Sep 2015 17:45:09 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, OpenJDK Team <openjdk@lists.launchpad.net>. (Wed, 09 Sep 2015 17:45:09 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: icedtea-web: CVE-2015-5234 CVE-2015-5235
Date: Wed, 09 Sep 2015 19:15:30 +0200
Package: icedtea-web
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see the respective Red Hat bugs for details and links to patches:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5234
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5235

Cheers,
        Moritz



Marked as found in versions 1.5-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 14 Sep 2015 18:33:04 GMT).


Reply sent to Matthias Klose <doko@ubuntu.com>:
You have taken responsibility. (Tue, 26 Jan 2016 23:03:18 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 26 Jan 2016 23:03:18 GMT).


Message #12 received at 798467-close@bugs.debian.org:

From: Matthias Klose <doko@ubuntu.com>
To: 798467-close@bugs.debian.org
Subject: Bug#798467: fixed in icedtea-web 1.6.1-1
Date: Tue, 26 Jan 2016 23:00:29 +0000
Source: icedtea-web
Source-Version: 1.6.1-1

We believe that the bug you reported is fixed in the latest version of
icedtea-web, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 798467@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@ubuntu.com> (supplier of updated icedtea-web package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 26 Jan 2016 13:55:17 +0100
Source: icedtea-web
Binary: icedtea-netx icedtea-plugin icedtea-netx-common icedtea-7-plugin icedtea-8-plugin
Architecture: source amd64 all
Version: 1.6.1-1
Distribution: unstable
Urgency: medium
Maintainer: OpenJDK Team <openjdk@lists.launchpad.net>
Changed-By: Matthias Klose <doko@ubuntu.com>
Description:
 icedtea-7-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 icedtea-8-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 icedtea-netx - NetX - implementation of the Java Network Launching Protocol (JNL
 icedtea-netx-common - NetX - implementation of the Java Network Launching Protocol (JNL
 icedtea-plugin - web browser plugin to execute Java applets (dependency package)
Closes: 754367 798467
Changes:
 icedtea-web (1.6.1-1) unstable; urgency=medium
 .
   * IcedTea-Web 1.6.1 release.
     - CVE-2015-5234: applet URL sanitization issue
     - CVE-2015-5235: unsigned applet origin issue. Closes: #798467.
   * Build using npapi-sdk-dev. Closes: #754367.
   * Build a icedtea-8-plugin package.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Dec 2016 10:25:31 GMT).


Bug unarchived. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Wed, 07 Dec 2016 01:42:51 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 16 Jul 2017 07:47:41 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:16:43 2019; Machine Name: buxtehude
