Debian Bug report logs - #686934
unblock: icedtea-web/1.3-2

Package:; Maintainer for is Debian Release Team <>;

Reported by: Matthias Klose <>

Date: Fri, 7 Sep 2012 11:09:02 UTC

Severity: normal

Done: "Adam D. Barratt" <>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to, Debian Release Team <>:
Bug#686934; Package (Fri, 07 Sep 2012 11:09:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Matthias Klose <>:
New Bug report received and forwarded. Copy sent to Debian Release Team <>. (Fri, 07 Sep 2012 11:09:04 GMT) Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Matthias Klose <>
To: Debian Bug Tracking System <>
Subject: unblock: icedtea-web/1.3-2
Date: Fri, 07 Sep 2012 13:03:20 +0200
Usertags: unblock
Severity: normal

reasons for the unblock

 - security fixes
 - hardened build
 - RC bug fix #681269

complete changelog:

icedtea-web (1.3-2) unstable; urgency=high

  * Configure with --disable-docs (the developer docs aren't shipped
    anyway). Works around the build failure on s390.

 -- Matthias Klose <>  Thu, 06 Sep 2012 23:03:51 +0200

icedtea-web (1.3-1) unstable; urgency=high

  * IcedTea-Web 1.3 release.
  * Security updates:
    - CVE-2012-3422: Potential read from an uninitialized memory location.
    - CVE-2012-3423: Incorrect handling of not 0-terminated strings.
  * NetX fixes:
    - PR898: signed applications with big jnlp-file doesn't start (webstart
      affect like "frozen").
    - PR811: javaws is not handling urls with spaces (and other characters
      needing encoding) correctly.
  * Plugin fixes:
    - PR820: IcedTea-Web 1.1.3 crashing Firefox when loading Citrix XenApp.
    - PR863: Error passing strings to applet methods in Chromium.
    - PR895: IcedTea-Web searches for missing classes on each loadClass or
    - PR861: Allow loading from non codebase hosts. Allow code to connect
      to hosting server.
    - PR518: NPString.utf8characters not guaranteed to be nul-terminated.
    - PR722: META-INF/ unsigned entries should be ignored in signing.
    - PR855: AppletStub getDocumentBase() doesn't return full URL.
    - PR1011: Folders treated as jar files in archive tag.
    - PR1106: Buffer overflow in plugin table.
    - PR975: Plugin should not include classpaths specified in jar manifests
      when using jnlp_href.
    - PR588: Cookies not written from cookie jar to browser cookies.
  * Common fixes:
    - PR918: java applet windows uses a low resulution black/white icon.
    - Disambiguate signed applet security prompt from certificate warning.
    - PR955: regression: SweetHome3D fails to run.

  * For Ubuntu quantal, set priorities for alternatives higher than for
    OpenJDK 6.
  * Call update-alternatives when the existing priority for the alternative
    is lower than the current one.
  * icedtea-netx: Don't set the alternatives to a OpenJDK which is not
    installed. Closes: #681269.
  * Allow building the plugin for OpenJDK 6 using OpenJDK 7.
  * Build with hardening defaults.

Reply sent to "Adam D. Barratt" <>:
You have taken responsibility. (Mon, 24 Sep 2012 19:48:08 GMT) Full text and rfc822 format available.

Notification sent to Matthias Klose <>:
Bug acknowledged by developer. (Mon, 24 Sep 2012 19:48:08 GMT) Full text and rfc822 format available.

Message #10 received at (full text, mbox):

From: "Adam D. Barratt" <>
To: Matthias Klose <>,
Subject: Re: Bug#686934: unblock: icedtea-web/1.3-2
Date: Mon, 24 Sep 2012 20:43:14 +0100
On Fri, 2012-09-07 at 13:03 +0200, Matthias Klose wrote:
>  - security fixes
>  - hardened build
>  - RC bug fix #681269




Bug archived. Request was from Debbugs Internal Request <> to (Tue, 23 Oct 2012 07:27:18 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Fri Apr 18 20:01:32 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.