{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk-plugin":"1.6.1-2.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"java-1_7_0-openjdk-plugin","purl":"pkg:rpm/suse/java-1_7_0-openjdk-plugin&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.1-2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"java-1_7_0-openjdk-plugin":"1.6.1-2.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12","name":"java-1_7_0-openjdk-plugin","purl":"pkg:rpm/suse/java-1_7_0-openjdk-plugin&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.1-2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThe Java IcedTea-Web Plugin was updated to 1.6.1 bringing\nvarious features, bug- and securityfixes.\n\n* Enabled Entry-Point attribute check\n* permissions sandbox and signed app and unsigned app with\n  permissions all-permissions now run in sandbox instead of not\nt all.\n* fixed DownloadService\n* comments in deployment.properties now should persists load/save\n* fixed bug in caching of files with query\n* fixed issues with recreating of existing shortcut\n* trustAll/trustNone now processed correctly\n* headless no longer shows dialogues\n* RH1231441 Unable to read the text of the buttons of the security\n  dialogue\n* Fixed RH1233697 icedtea-web: applet origin spoofing\n  (CVE-2015-5235, bsc#944208)\n* Fixed RH1233667 icedtea-web: unexpected permanent authorization\n  of unsigned applets (CVE-2015-5234, bsc#944209)\n* MissingALACAdialog made available also for unsigned applications\n  (but ignoring actual manifest value) and fixed\n* NetX\n  - fixed issues with -html shortcuts\n  - fixed issue with -html receiving garbage in width and height\n* PolicyEditor\n  - file flag made to work when used standalone\n  - file flag and main argument cannot be used in combination\n\nThe update to 1.6 is included and brings:\n\n* Massively improved offline abilities. Added Xoffline switch to\n  force work without inet connection.\n* Improved to be able to run with any JDK\n* JDK 6 and older no longer supported\n* JDK 8 support added (URLPermission granted if applicable)\n* JDK 9 supported \n* Added support for Entry-Point manifest attribute\n* Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property\n  to control scan of Manifest file \n* starting arguments now accept also -- abbreviations\n* Added new documentation\n* Added support for menu shortcuts - both javaws\n  applications/applets and html applets are supported\n* added support for -html switch for javaws. Now you can run most\n  of the applets without browser at all\n* Control Panel\n  - PR1856: ControlPanel UI improvement for lower resolutions\n    (800*600)\n* NetX\n  - PR1858: Java Console accepts multi-byte encodings\n  - PR1859: Java Console UI improvement for lower resolutions\n    (800*600)\n  - RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception\n   java.lang.ClassCastException in method\n   sun.applet.PluginAppletViewer$8.run()\n  - Dropped support for long unmaintained -basedir argument\n  - Returned support for -jnlp argument\n  - RH1095311, PR574 -  References class sun.misc.Ref removed in\n    OpenJDK 9 - fixed, and so buildable on JDK9\n* Plugin\n  - PR1743 - Intermittant deadlock in PluginRequestProcessor\n  - PR1298 - LiveConnect - problem setting array elements (applet\n    variables) from JS\n  - RH1121549: coverity defects\n  - Resolves method overloading correctly with superclass\n    heirarchy distance\n* PolicyEditor\n  - codebases can be renamed in-place, copied, and pasted\n  - codebase URLs can be copied to system clipboard\n  - displays a progress dialog while opening or saving files\n  - codebases without permissions assigned save to file anyway\n    (and re-appear on next open)\n  - PR1776: NullPointer on save-and-exit\n  - PR1850: duplicate codebases when launching from security dialogs\n  - Fixed bug where clicking 'Cancel' on the 'Save before Exiting'\n    dialog could result in the editor exiting without saving\n    changes\n  - Keyboard accelerators and mnemonics greatly improved\n  - 'File - New' allows editing a new policy without first\n    selecting the file to save to\n* Common\n  - PR1769: support signed applets which specify Sandbox\n    permissions in their manifests\n* Temporary Permissions in security dialog now multi-selectable\n  and based on PolicyEditor permissions\n\nThe update to 1.5.2 brings OpenJDK 8 support (fate#318956)\n* NetX\n  - RH1095311, PR574 -  References class sun.misc.Ref removed in\n    OpenJDK 9 - fixed, and so buildable on JDK9\n  - RH1154177 - decoded file needed from cache\n  - fixed NPE  in https dialog\n  - empty codebase behaves  as '.'\n","id":"SUSE-SU-2015:1682-1","modified":"2015-09-15T09:42:59Z","published":"2015-09-15T09:42:59Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151682-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/944208"},{"type":"REPORT","url":"https://bugzilla.suse.com/944209"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5234"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5235"}],"related":["CVE-2015-5234","CVE-2015-5235"],"summary":"Security update for icedtea-web","upstream":["CVE-2015-5234","CVE-2015-5235"]}