Package: icedtea-web
Version: 1.4-3~deb7u1
Severity: grave
Tags: security upstream patch fixed-upstream
Control: found -1 1.4-3

Hi,

the following vulnerability was published for icedtea-web.

CVE-2013-4349[0]:
IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow

This previously was already fixed in 1.1, 1.2, and 1.3 IcedTea-Web
branches (this was CVE-2012-4540). But this did not get applied to
head at that time.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-4349
[1] http://icedtea.classpath.org/hg/release/icedtea-web-1.4/rev/82e007d8b05a

Regards,
Salvatore