/hg/icedtea6: 2009-08-25 Lillian Angel <langel at redhat.com>

cpdev-commits at icedtea.classpath.org
Tue Aug 25 09:04:22 PDT 2009


changeset afef68fb795d in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=afef68fb795d
summary: 2009-08-25  Lillian Angel  <langel at redhat.com>

diffstat:

2 files changed, 15 insertions(+)
ChangeLog |    4 ++++
NEWS      |   11 +++++++++++

diffs (32 lines):

diff -r 6a3a77c90d63 -r afef68fb795d ChangeLog
--- a/ChangeLog	Tue Aug 25 10:38:03 2009 -0400
+++ b/ChangeLog	Tue Aug 25 12:07:24 2009 -0400
@@ -1,3 +1,7 @@ 2009-08-25  Deepak Bhole <dbhole at redhat.
+2009-08-25  Lillian Angel  <langel at redhat.com>
+
+	* NEWS: Added CVEs.
+
 2009-08-25  Deepak Bhole <dbhole at redhat.com>
 
 	* plugin/icedtea/sun/applet/PluginAppletViewer.java
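Review bot: The added ChangeLog entry "* NEWS: Added CVEs." does not say that these are security fixes or which release section of NEWS they were added to. Wording such as "* NEWS: List CVEs fixed in release 1.6." would make the entry findable later. The changeset summary carries only the date and author line, so the ChangeLog text is the only description of the change.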
diff -r 6a3a77c90d63 -r afef68fb795d NEWS
--- a/NEWS	Tue Aug 25 10:38:03 2009 -0400
+++ b/NEWS	Tue Aug 25 12:07:24 2009 -0400
@@ -1,6 +1,17 @@ New in release 1.6 (UNRELEASED)
 New in release 1.6 (UNRELEASED)
 
 - Added java method tracing using systemtap version 0.9.9+.
+- Security fixes for:
+  CVE-2009-2670 - OpenJDK Untrusted applet System properties access
+  CVE-2009-2671 CVE-2009-2672 - OpenJDK Proxy mechanism information leaks
+  CVE-2009-2673 - OpenJDK proxy mechanism allows non-authorized socket connections
+  CVE-2009-2674 - Java Web Start Buffer JPEG processing integer overflow
+  CVE-2009-2675 - Java Web Start Buffer unpack200 processing integer overflow
+  CVE-2009-2625 - OpenJDK XML parsing Denial-Of-Service
+  CVE-2009-2475 - OpenJDK information leaks in mutable variables
+  CVE-2009-2476 - OpenJDK OpenType checks can be bypassed
+  CVE-2009-2689 - OpenJDK JDK13Services grants unnecessary privileges
+  CVE-2009-2690 - OpenJDK private variable information disclosure
 
 New in release 1.5 (2009-05-20)
 
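Review bot: The added "Security fixes for:" list in the 1.6 section is formatted inconsistently, which makes it harder to grep and audit. The line "CVE-2009-2671 CVE-2009-2672 - OpenJDK Proxy mechanism information leaks" puts two identifiers on one line with no separator; a comma, or one line per CVE, would keep every entry in the same "ID - description" shape. Capitalisation varies between "Proxy mechanism" and "proxy mechanism", and "Denial-Of-Service" stands out from the other descriptions. The identifiers are also out of numerical order (2670 through 2675, then 2625, 2475, 2476, 2689, 2690); sorting them would make it easier to confirm that nothing is missing. None of the entries names the patch or changeset that carries the fix, so a reader cannot trace a CVE to the code change from NEWS alone; consider adding that reference here or in the ChangeLog.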