1
PublicDateAtUSN: 2013-04-17
2
Candidate: CVE-2013-2384
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
6
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
7
https://usn.ubuntu.com/usn/usn-1806-1
8
https://usn.ubuntu.com/usn/usn-1819-1
9
http://site.icu-project.org/download/51#TOC-Known-Issues
10
https://usn.ubuntu.com/usn/usn-2522-1
12
Unspecified vulnerability in the Java Runtime Environment (JRE) component
13
in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
14
Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to
15
affect confidentiality, integrity, and availability via unknown vectors
16
related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383,
17
and CVE-2013-2420. NOTE: the previous information is from the April 2013
18
CPU. Oracle has not commented on claims from another vendor that this issue
19
is related to "font layout" in the International Components for Unicode
20
(ICU) Layout Engine before 51.2.
23
mdeslaur> in lucid+, NetX and the plugin moved to the icedtea-web package
24
jdstrand> sun-java6 is not redistributable, no longer in the archive and
26
jdstrand> sun-java5 is EOL upstream and no longer tracked
27
jdstrand> as of 2013-04-19, IcedTea has not released 2.3.9 or 1.12.5 to fix
30
http://bugs.icu-project.org/trac/ticket/10107
31
http://bugs.icu-project.org/trac/ticket/10143
37
upstream_openjdk-6: released (6u45)
38
hardy_openjdk-6: ignored (reached end-of-life)
39
lucid_openjdk-6: released (6b27-1.12.5-0ubuntu0.10.04.1)
40
oneiric_openjdk-6: released (6b27-1.12.5-0ubuntu0.11.10.1)
41
precise_openjdk-6: released (6b27-1.12.5-0ubuntu0.12.04.1)
42
quantal_openjdk-6: released (6b27-1.12.5-0ubuntu0.12.10.1)
43
raring_openjdk-6: released (6b27-1.12.5-1ubuntu1)
44
trusty_openjdk-6: not-affected
45
utopic_openjdk-6: not-affected
46
devel_openjdk-6: not-affected
49
upstream_openjdk-7: released (7u21)
52
oneiric_openjdk-7: released (7u21-2.3.9-0ubuntu0.11.10.1)
53
precise_openjdk-7: released (7u21-2.3.9-0ubuntu0.12.04.1)
54
quantal_openjdk-7: released (7u21-2.3.9-0ubuntu0.12.10.1)
55
raring_openjdk-7: released (7u21-2.3.9-1ubuntu1)
56
trusty_openjdk-7: not-affected
57
utopic_openjdk-7: not-affected
58
devel_openjdk-7: not-affected
61
upstream_openjdk-6b18: needs-triage
62
hardy_openjdk-6b18: DNE
63
lucid_openjdk-6b18: ignored (reached end-of-life)
64
oneiric_openjdk-6b18: ignored (superseded by openjdk-6)
65
precise_openjdk-6b18: DNE
66
quantal_openjdk-6b18: DNE
67
raring_openjdk-6b18: DNE
68
trusty_openjdk-6b18: DNE
69
utopic_openjdk-6b18: DNE
70
devel_openjdk-6b18: DNE
73
upstream_icedtea-web: not-affected
74
hardy_icedtea-web: DNE
75
lucid_icedtea-web: not-affected
76
oneiric_icedtea-web: not-affected
77
precise_icedtea-web: not-affected
78
quantal_icedtea-web: not-affected
79
raring_icedtea-web: not-affected
80
trusty_icedtea-web: not-affected
81
utopic_icedtea-web: not-affected
82
devel_icedtea-web: not-affected
85
upstream: http://bugs.icu-project.org/trac/changeset/33535 (trunk)
86
upstream: http://bugs.icu-project.org/trac/changeset/33537 (51.1.1)
87
upstream: http://bugs.icu-project.org/trac/changeset/33538 (docs)
88
upstream: http://bugs.icu-project.org/trac/changeset/33540 (api doc)
89
upstream: http://bugs.icu-project.org/trac/changeset/33712 (mem leak)
90
upstream: http://download.icu-project.org/files/icu4c/51.1/icu-51-layout-fix-10107.tgz
91
upstream_icu: released (51.2)
92
lucid_icu: ignored (reached end-of-life)
93
precise_icu: released (4.8.1.1-3ubuntu0.3)
94
trusty_icu: not-affected (52.1-3)
95
utopic_icu: not-affected (52.1-6)
96
devel_icu: not-affected (52.1-7.1)