The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies. Security Fix: * icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite * icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite * icedtea-web: unsigned code injection in a signed JAR file For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.