Re: https://bugzilla.mozilla.org/show_bug.cgi?id=555342#c24
the fix is in IcedTea and uploaded to lucid. (3) afaik FC12 does use the IcedTeaPlugin.cc, not the IcedTeaNPPlugin.cc. The former is not affected. No release enables the IcedTeaNPPlugin.cc by default. ** Bug watch added: Mozilla Bugzilla #555342 https://bugzilla.mozilla.org/show_bug.cgi?id=555342 -- IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher https://bugs.launchpad.net/bugs/552287 You received this bug notification because you are a member of OpenJDK, which is subscribed to openjdk-6 in ubuntu. Status in “openjdk-6” package in Ubuntu: Fix Released Bug description: See Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=555342. (Apologies for this report, I'm not the person who discovered this bug and am relaying the discoverer's information.) 1) Ubuntu 10.04 b1 2) IcedTea6 1.8pre (6b18~pre3-0ubuntu1) 3) No buffer overflow 4) Buffer overflow See the steps to reproduce in the Mozilla bug; the buffer overflow is more dramatic in Firefox nightlies with out-of-process plugins because it always results in a crash in the plugin subprocesses. It will only sometimes result in a crash of the Firefox process. It's easier to just paste a fix for this bug than describe it more. The diff is against http://icedtea.classpath.org/hg/icedtea6 revision 911fc7449289. Marking security vulnerability for safety; I think this would be hard to exploit. _______________________________________________ Mailing list: https://launchpad.net/~openjdk Post to : [email protected] Unsubscribe : https://launchpad.net/~openjdk More help : https://help.launchpad.net/ListHelp
