VUL-0: CVE-2011-2939: icedtea-web: second-level domain subdomains and suffix domain SOP bypass
Update to version 1.1.4 of icedtea-web to fix the following
issues:
- CVE-2011-3377: IcedTea-Web: second-level domain
subdomains and suffix domain SOP bypass
- PR778: Jar download and server certificate verification
deadlock
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5422
Fixed bugs
bnc#729870
VUL-0: icedtea-web: second-level domain subdomains and suffix domain SOP bypass
CVE#CVE-2011-2939
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which
