Control: tags -1 + pending On Wed, 2016-05-25 at 20:41 +0200, Moritz Mühlenhoff wrote: > On Tue, May 24, 2016 at 09:34:49PM +0100, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Thu, 2016-03-17 at 23:06 +0100, Moritz Muehlenhoff wrote: > > > I'd like to update icedtea-web in jessie to 1.5.3 in the next > > > jessie point release. This fixes two security issues (CVE-2015-5234, > > > CVE-2015-5235), which are not easily backportable, so I rather made > > > the update to the minor point update which fixes those (similar > > > to what we do with openjdk-7 itself). > > > > > > I've tested this on a jessie with various web applets I could > > > find (fortunately finding these in the wild is becoming increasingly > > > difficult!). > > > > > > The debdiff is here: https://people.debian.org/~jmm/icedtea-web.debdiff > > > (the actual change to the debian/ directory is just the changelog > > > entry bump). Ubuntu has also updated to those point bugfix updates > > > in USNs for a while now. > > > > I'm not exactly overjoyed by the size of the diff, but it's Java is > > stable, so I'm just going to close my eyes and assume you know what > > you're doing. :-) > > Thanks :-) Uploaded.
Flagged for acceptance. Regards, Adam
