CVE-2014-0459

Name	CVE-2014-0459
Description	Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2912-1, DSA-2923-1
Debian Bugs	745471

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
lcms2 (PTS)	bullseye	2.12~rc1-2	fixed
	bookworm	2.14-2	fixed
	sid, trixie	2.16-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
lcms	source	(unstable)	(unfixed)
lcms2	source	(unstable)	2.6-1	low		745471
openjdk-6	source	squeeze	6b31-1.13.3-1~deb6u1		DSA-2912-1
openjdk-6	source	wheezy	6b31-1.13.3-1~deb7u1		DSA-2912-1
openjdk-7	source	wheezy	7u55-2.4.7-1~deb7u1		DSA-2923-1

[squeeze] - lcms <no-dsa> (Minor issue)
[wheezy] - lcms <no-dsa> (Minor issue)
[wheezy] - lcms2 <no-dsa> (Minor issue)