-
icedtea-web (1.5.3-0ubuntu0.14.04.1) trusty-security; urgency=medium
* Updated to upstream version 1.5.3 to fix two security issues:
- CVE-2015-5234: applet URL sanitization issue
- CVE-2015-5235: unsigned applet origin issue
-- Marc Deslauriers <email address hidden> Fri, 20 Nov 2015 13:37:54 -0500
-
icedtea-web (1.5-1ubuntu1) trusty; urgency=medium
* Regenerate the control file.
icedtea-web (1.5-1) sid; urgency=medium
* IcedTea-Web 1.5 release.
* Build using dh-autoreconf.
-- Matthias Klose <email address hidden> Mon, 07 Apr 2014 18:00:19 +0200
-
icedtea-web (1.4.2-1ubuntu2) trusty; urgency=medium
* fix ftbfs with newer xulrunner:
- debian/patches/xulrunner-27-ftbfs.patch
- debian/control*: added dh-autoreconf to Build-Depends
-- Marc Deslauriers <email address hidden> Tue, 04 Mar 2014 15:28:23 -0500
-
icedtea-web (1.4.2-1ubuntu1) trusty; urgency=medium
* Merge with Debian; remaining changes:
- Regenerate the control file.
icedtea-web (1.4.2-1) unstable; urgency=high
* IcedTea-Web 1.4.2 release.
- Security Updates- CVE-2012-4540: Heap-based buffer overflow after
triggering event.
-- Matthias Klose <email address hidden> Wed, 05 Feb 2014 21:38:04 +0100
-
icedtea-web (1.4.1-1ubuntu1) trusty; urgency=low
* Merge with Debian; remaining changes:
- Regenerate the control file.
icedtea-web (1.4.1-1) unstable; urgency=low
* IcedTea-Web 1.4.1 release.
* Build for AArch64.
* Don't build icedtea-6-plugin on KFreeBSD.
icedtea-web (1.4-3.1) unstable; urgency=low
* Non-maintainer upload.
* Add CVE-2013-4349.diff patch.
CVE-2013-4349: Fix IcedTeaScriptableJavaObject::invoke off-by-one
heap-based buffer overflow after triggering event attached to applets.
(Closes: #723118)
-- Matthias Klose <email address hidden> Sat, 19 Oct 2013 17:51:32 +0200
-
icedtea-web (1.4-3ubuntu2) saucy; urgency=low
* SECURITY UPDATE: possible arbitrary code execution via triggering event
attached to applet
- debian/patches/CVE-2013-4349.patch: don't allocate error messages on
heap in plugin/icedteanp/IcedTeaScriptablePluginObject.cc.
- CVE-2013-4349
-- Marc Deslauriers <email address hidden> Tue, 24 Sep 2013 15:05:29 -0400