/hg/release/icedtea6-1.6: Added CVEs to NEWS
cpdev-commits at icedtea.classpath.org
cpdev-commits at icedtea.classpath.org
Tue Aug 25 09:02:50 PDT 2009
changeset 9f84fb766ec8 in /hg/release/icedtea6-1.6
details: http://icedtea.classpath.org/hg/release/icedtea6-1.6?cmd=changeset;node=9f84fb766ec8
summary: Added CVEs to NEWS
diffstat:
1 file changed, 11 insertions(+)
NEWS | 11 +++++++++++
diffs (21 lines):
diff -r 9b85d9f17c40 -r 9f84fb766ec8 NEWS
--- a/NEWS Tue Aug 25 10:58:37 2009 -0400
+++ b/NEWS Tue Aug 25 12:05:50 2009 -0400
@@ -1,6 +1,17 @@ New in release 1.6 (UNRELEASED)
New in release 1.6 (UNRELEASED)
- Added java method tracing using systemtap version 0.9.9+.
+- Security fixes for:
+ CVE-2009-2670 - OpenJDK Untrusted applet System properties access
+ CVE-2009-2671 CVE-2009-2672 - OpenJDK Proxy mechanism information leaks
+ CVE-2009-2673 - OpenJDK proxy mechanism allows non-authorized socket connections
+ CVE-2009-2674 - Java Web Start Buffer JPEG processing integer overflow
+ CVE-2009-2675 - Java Web Start Buffer unpack200 processing integer overflow
+ CVE-2009-2625 - OpenJDK XML parsing Denial-Of-Service
+ CVE-2009-2475 - OpenJDK information leaks in mutable variables
+ CVE-2009-2476 - OpenJDK OpenType checks can be bypassed
+ CVE-2009-2689 - OpenJDK JDK13Services grants unnecessary privileges
+ CVE-2009-2690 - OpenJDK private variable information disclosure
New in release 1.5 (2009-05-20)
More information about the distro-pkg-dev
mailing list