On Tue, May 24, 2016 at 09:34:49PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Thu, 2016-03-17 at 23:06 +0100, Moritz Muehlenhoff wrote:
> > I'd like to update icedtea-web in jessie to 1.5.3 in the next
> > jessie point release. This fixes two security issues (CVE-2015-5234,
> > CVE-2015-5235), which are not easily backportable, so I rather made
> > the update to the minor point update which fixes those (similar
> > to what we do with openjdk-7 itself).
> >
> > I've tested this on a jessie with various web applets I could
> > find (fortunately finding these in the wild is becoming increasingly
> > difficult!).
> >
> > The debdiff is here: https://people.debian.org/~jmm/icedtea-web.debdiff
> > (the actual change to the debian/ directory is just the changelog
> > entry bump). Ubuntu has also updated to those point bugfix updates
> > in USNs for a while now.
>
> I'm not exactly overjoyed by the size of the diff, but it's Java is
> stable, so I'm just going to close my eyes and assume you know what
> you're doing. :-)
Thanks :-) Uploaded.
Cheers,
Moritz
