[SECURITY] Fedora 20 Update: icedtea-web-1.4.1-0.fc20

updates at fedoraproject.org updates at fedoraproject.org
Mon Sep 23 00:27:02 UTC 2013

Fedora Update Notification
2013-09-17 17:59:33

Name        : icedtea-web
Product     : Fedora 20
Version     : 1.4.1
Release     : 0.fc20
URL         : http://icedtea.classpath.org/wiki/IcedTea-Web
Summary     : Additional Java components for OpenJDK - Java browser plug-in and Web Start implementation
Description :
The IcedTea-Web project provides a Java web browser plugin, an implementation
of Java Web Start (originally based on the Netx project) and a settings tool to
manage deployment settings for the aforementioned plugin and Web Start

Update Information:

Updated to icedtea-web 1.4.1
New in release 1.4.1 (2013-XX-YY):
* Improved and cleaned Temporary internet files panel
* PR1465 - java.io.FileNotFoundException while trying to download a JAR file
* PR1473 - javaws should not depend on name of local file
* PR854: Resizing an applet several times causes 100% CPU load
* CVE-2012-4540, RH869040: Heap-based buffer overflow after triggering event attached to applet
* reproducers tests are enabled in dist-tarball
* application context support for  OpenJDK build 25 and higher
* small patches into rhino support and
* PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties
* add icedtea-web man page
* make check enabled again
* should be build for non-standart archs
* removed unused multilib arches

  [ 1 ] Bug #1007960 - CVE-2013-4349 icedtea-web: CVE-2012-4540 issue not fixed in 1.4

This update can be installed with the "yum" update program.  Use 
su -c 'yum update icedtea-web' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list