You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Yesterday, a commit was made to OpenJDK (and the same issue fixed in Oracle JDK via Oracle Critical Patch Update Advisory - April 2014) fixing an issue in embedded lcms.
There are no real details available, CVSS score used in the CPU indicates that lack of the check impacts application availability, possibly causing crash.
This check is currently not part of the Little-CMS git master. I'm unsure if you were notified about this issue by Oracle, or if you may have more details about affected versions (i.e. whether 1.x and 2.x are affected).
The text was updated successfully, but these errors were encountered:
Probably.. but I don't maintain 1.x anymore, it has more serious security issues that this one. My recommendation is to migrate to 2.6 and avoid problems.
Yesterday, a commit was made to OpenJDK (and the same issue fixed in Oracle JDK via Oracle Critical Patch Update Advisory - April 2014) fixing an issue in embedded lcms.
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/d6739b8326a4
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA
Fix adds code that validates profile version.
There are no real details available, CVSS score used in the CPU indicates that lack of the check impacts application availability, possibly causing crash.
This check is currently not part of the Little-CMS git master. I'm unsure if you were notified about this issue by Oracle, or if you may have more details about affected versions (i.e. whether 1.x and 2.x are affected).
The text was updated successfully, but these errors were encountered: