PublicDateAtUSN: 2013-03-04
Candidate: CVE-2013-1493
PublicDate: 2013-03-05 22:06:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493
 http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
 http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html
 https://ubuntu.com/security/notices/USN-1755-1
 https://ubuntu.com/security/notices/USN-1755-2
Description:
 The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Ubuntu-Description:
Notes:
 mdeslaur> in lucid+, NetX and the plugin moved to the icedtea-web package
 jdstrand> sun-java6 is not redistributable, no longer in the archive and no longer tracked
 jdstrand> sun-java5 is EOL upstream and no longer tracked
 jdstrand> as of 2013-03-05, no patches for openjdk-7
Bugs:
Priority: high
Discovered-by:
Assigned-to: jdstrand
CVSS:

Patches_openjdk-6:
 upstream: http://icedtea.classpath.org/hg/release/icedtea6-1.12/rev/abc301613e43 (8007675.patch)
upstream_openjdk-6: pending (6b27-1.12.4)
hardy_openjdk-6: released (6b27-1.12.3-0ubuntu1~8.04.2)
lucid_openjdk-6: released (6b27-1.12.3-0ubuntu1~10.04.1)
oneiric_openjdk-6: released (6b27-1.12.3-0ubuntu1~11.10.1)
precise_openjdk-6: released (6b27-1.12.3-0ubuntu1~12.04.1)
quantal_openjdk-6: released (6b27-1.12.3-0ubuntu1~12.10.1)
devel_openjdk-6: not-affected (6b27-1.12.4-1ubuntu1)

Patches_openjdk-7:
upstream_openjdk-7: pending (7u15-2.3.8)
hardy_openjdk-7: DNE
lucid_openjdk-7: DNE
oneiric_openjdk-7: released (7u15-2.3.7-0ubuntu1~11.10.1)
precise_openjdk-7: released (7u15-2.3.7-0ubuntu1~12.04.1)
quantal_openjdk-7: released (7u15-2.3.7-0ubuntu1~12.10.1)
devel_openjdk-7: released (7u15-2.3.7-1ubuntu2)

Patches_openjdk-6b18:
upstream_openjdk-6b18: needs-triage
hardy_openjdk-6b18: DNE
lucid_openjdk-6b18: ignored (reached end-of-life)
oneiric_openjdk-6b18: ignored (superseded by openjdk-6)
precise_openjdk-6b18: DNE
quantal_openjdk-6b18: DNE
devel_openjdk-6b18: DNE