Ubuntu
icedtea-web package

Change logs for icedtea-web source package in Trusty

  1. Trusty (14.04)
  2. Change log 
  • icedtea-web (1.5.3-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to upstream version 1.5.3 to fix two security issues:
    - CVE-2015-5234: applet URL sanitization issue
    - CVE-2015-5235: unsigned applet origin issue

 -- Marc Deslauriers <email address hidden>  Fri, 20 Nov 2015 13:37:54 -0500
  • icedtea-web (1.5-1ubuntu1) trusty; urgency=medium

  * Regenerate the control file.

icedtea-web (1.5-1) sid; urgency=medium

  * IcedTea-Web 1.5 release.
  * Build using dh-autoreconf.
 -- Matthias Klose <email address hidden>   Mon, 07 Apr 2014 18:00:19 +0200
  • icedtea-web (1.4.2-1ubuntu2) trusty; urgency=medium

  * fix ftbfs with newer xulrunner:
    - debian/patches/xulrunner-27-ftbfs.patch
    - debian/control*: added dh-autoreconf to Build-Depends
 -- Marc Deslauriers <email address hidden>   Tue, 04 Mar 2014 15:28:23 -0500
  • icedtea-web (1.4.2-1ubuntu1) trusty; urgency=medium

  * Merge with Debian; remaining changes:
    - Regenerate the control file.

icedtea-web (1.4.2-1) unstable; urgency=high

  * IcedTea-Web 1.4.2 release.
    - Security Updates- CVE-2012-4540: Heap-based buffer overflow after
      triggering event.
 -- Matthias Klose <email address hidden>   Wed, 05 Feb 2014 21:38:04 +0100
  • icedtea-web (1.4.1-1ubuntu1) trusty; urgency=low

  * Merge with Debian; remaining changes:
    - Regenerate the control file.

icedtea-web (1.4.1-1) unstable; urgency=low

  * IcedTea-Web 1.4.1 release.
  * Build for AArch64.
  * Don't build icedtea-6-plugin on KFreeBSD.

icedtea-web (1.4-3.1) unstable; urgency=low

  * Non-maintainer upload.
  * Add CVE-2013-4349.diff patch.
    CVE-2013-4349: Fix IcedTeaScriptableJavaObject::invoke off-by-one
    heap-based buffer overflow after triggering event attached to applets.
    (Closes: #723118)
 -- Matthias Klose <email address hidden>   Sat, 19 Oct 2013 17:51:32 +0200
  • icedtea-web (1.4-3ubuntu2) saucy; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution via triggering event
    attached to applet
    - debian/patches/CVE-2013-4349.patch: don't allocate error messages on
      heap in plugin/icedteanp/IcedTeaScriptablePluginObject.cc.
    - CVE-2013-4349
 -- Marc Deslauriers <email address hidden>   Tue, 24 Sep 2013 15:05:29 -0400