nixpkgs

Commit Graph

Author	SHA1	Message	Date
Stefano Mazzucco	e26a52a655	icedtea_web: 1.7.1 -> 1.8.3 Use the new official repository on GitHub and build the new launcher written in Rust. Also fixes the following security vulnerabilities: - CVE-2019-10185: zip-slip attack during auto-extraction of a JAR file. - CVE-2019-10181: executable code could be injected in a JAR file without compromising the signature verification. - CVE-2019-10182: improper path sanitization from <jar/> elements in JNLP files. References: https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327	2019-08-10 08:28:21 +01:00

Author

SHA1

Message

Date

Stefano Mazzucco

e26a52a655

icedtea_web: 1.7.1 -> 1.8.3

Use the new official repository on GitHub and build the new launcher written in
Rust.

Also fixes the following security vulnerabilities:

- CVE-2019-10185: zip-slip attack during auto-extraction of a JAR file.

- CVE-2019-10181: executable code could be injected in a JAR file without
  compromising the signature verification.

- CVE-2019-10182: improper path sanitization from <jar/> elements in JNLP
  files.

References:
https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327

2019-08-10 08:28:21 +01:00

1 Commits