[SECURITY] Fedora 18 Update: icedtea-web-1.4.1-0.fc18

Fri Oct 4 01:58:51 UTC 2013

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-17016
2013-09-18 11:40:36
--------------------------------------------------------------------------------

Name        : icedtea-web
Product     : Fedora 18
Version     : 1.4.1
Release     : 0.fc18
URL         : http://icedtea.classpath.org/wiki/IcedTea-Web
Summary     : Additional Java components for OpenJDK - Java browser plug-in and Web Start implementation
Description :
The IcedTea-Web project provides a Java web browser plugin, an implementation
of Java Web Start (originally based on the Netx project) and a settings tool to
manage deployment settings for the aforementioned plugin and Web Start
implementations.

--------------------------------------------------------------------------------
Update Information:

Updated to icedtea-web 1.4.1
New in release 1.4.1 (2013-XX-YY):
* Improved and cleaned Temporary internet files panel
* PR1465 - java.io.FileNotFoundException while trying to download a JAR file
* PR1473 - javaws should not depend on name of local file
* PR854: Resizing an applet several times causes 100% CPU load
* CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet
* reproducers tests are enabled in dist-tarball
* application context support for  OpenJDK build 25 and higher
* small patches into rhino support and
* PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties
* add icedtea-web man page
* make check enabled again
* should be build for non-standart archs
* removed unused multilib arches
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 17 2013 Jiri Vanek <jvanek at redhat.com> 1.4.1-0
- updated to 1.4.1
- add icedtea-web man page
- removed upstreamed  patch1 b25-appContextFix.patch
- should be build for non-standart archs
- make check enabled again
* Wed Jun 19 2013 Jiri Vanek <jvanek at redhat.com> 1.4.0-1
- added patch1 b25-appContextFix.patch to make it run with future openjdk
* Sat May  4 2013 Jiri Vanek <jvanek at redhat.com> 1.4-0
- Updated to 1.4
- See announcement for detail
 - http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-May/023195.html
- added check
* Wed Apr 17 2013 Jiri Vanek <jvanek at redhat.com> 1.3.2-0
- Updated to latest ustream release of 1.3 branch - 1.3.2
 - Security Updates
  - CVE-2013-1927, RH884705: fixed gifar vulnerability
  - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path.
 - Common
  - Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized.
 - NetX
  - PR580: http://www.horaoficial.cl/ loads improperly
 - Plugin
   PR1260: IcedTea-Web should not rely on GTK
   PR1157: Applets can hang browser after fatal exception
- Removed upstreamed patch to remove GTK dependency
  - icedtea-web-pr1260-remove-gtk-dep.patch
* Wed Jan 16 2013 Deepak Bhole <dbhole at redhat.com> 1.3.1-3
- Resolves: rhbz#889644, rhbz#895197
- Added patch to remove GTK dependency
* Thu Dec 20 2012 Jiri Vanek <jvanek at redhat.com> 1.3.1-2
- Moved to be  build with GTK3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1007960 - CVE-2013-4349 icedtea-web: CVE-2012-4540 issue not fixed in 1.4
        https://bugzilla.redhat.com/show_bug.cgi?id=1007960
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update icedtea-web' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------