hg: icedtea/jdk7/jdk: 20 new changesets
ahughes at redhat.com
ahughes at redhat.com
Tue Mar 30 12:50:08 PDT 2010
Changeset: 966ceea08da2
Author: mullan
Date: 2010-03-24 18:51 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/966ceea08da2
6633872: OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains.
! src/share/classes/java/security/Policy.java
! src/share/classes/java/security/ProtectionDomain.java
! src/share/classes/sun/misc/SharedSecrets.java
! src/share/classes/sun/security/provider/PolicyFile.java
Changeset: 5d417463868a
Author: chegar
Date: 2010-03-24 18:54 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/5d417463868a
6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
! src/share/classes/java/lang/ThreadGroup.java
Changeset: 0d4de674c4b8
Author: alanb
Date: 2010-03-24 18:56 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/0d4de674c4b8
6736390: File TOCTOU deserialization vulnerability
! src/share/classes/java/io/File.java
Changeset: 1d88d270a14b
Author: sherman
Date: 2010-03-24 19:21 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/1d88d270a14b
6745393: Inflater/Deflater clone issues
! src/share/classes/java/util/zip/Deflater.java
! src/share/classes/java/util/zip/Inflater.java
! src/share/native/java/util/zip/Deflater.c
! src/share/native/java/util/zip/Inflater.c
Changeset: 987a68e10cf7
Author: andrew
Date: 2010-03-24 19:47 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/987a68e10cf7
Add missing import so java.security.ProtectionDomain is resolved.
! src/share/classes/sun/misc/SharedSecrets.java
Changeset: f734b640587f
Author: denis
Date: 2010-03-24 19:49 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/f734b640587f
6887703: Unsigned applet can retrieve the dragged information before drop action occurs
! src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java
Changeset: f9b8d669396e
Author: chegar
Date: 2010-03-24 19:58 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/f9b8d669396e
6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error
! src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java
! src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java
! src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java
Changeset: 260a0cd53b80
Author: mchung
Date: 2010-03-24 20:28 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/260a0cd53b80
6893947: Deserialization of RMIConnectionImpl objects should enforce stricter checks
! src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
Changeset: 57629e420d8e
Author: michaelm
Date: 2010-03-24 20:36 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/57629e420d8e
6893954: Subclasses of InetAddress may incorrectly interpret network addresses
! src/share/classes/java/net/DatagramSocket.java
! src/share/classes/java/net/InetAddress.java
! src/share/classes/java/net/MulticastSocket.java
! src/share/classes/java/net/NetworkInterface.java
! src/share/classes/java/net/Socket.java
! src/share/classes/sun/nio/ch/Net.java
Changeset: ce6ecd2e5f80
Author: sherman
Date: 2010-03-24 20:37 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/ce6ecd2e5f80
6745393: Inflater/Deflater clone issues
+ src/share/classes/java/util/zip/ZStreamRef.java
Changeset: 6bdd71e389ba
Author: mullan
Date: 2010-03-24 20:38 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/6bdd71e389ba
6633872: Policy/PolicyFile leak dynamic ProtectionDomains
+ src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java
Changeset: e93802c8900d
Author: weijun
Date: 2010-03-24 20:50 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/e93802c8900d
6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
! src/share/classes/sun/security/util/ObjectIdentifier.java
Changeset: 4d8cf80349f3
Author: xuelei
Date: 2010-03-25 18:27 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/4d8cf80349f3
6898739: CVE-2009-3555 TLS: MITM attacks via session renegotiation
! src/share/classes/sun/security/ssl/ClientHandshaker.java
! src/share/classes/sun/security/ssl/Handshaker.java
! src/share/classes/sun/security/ssl/SSLEngineImpl.java
! src/share/classes/sun/security/ssl/SSLSocketImpl.java
! src/share/classes/sun/security/ssl/ServerHandshaker.java
! test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java
Changeset: 9de837975a81
Author: bae
Date: 2010-03-25 18:43 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/9de837975a81
6899653: Sun Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability
! src/share/native/sun/java2d/cmm/lcms/cmsio1.c
! src/share/native/sun/java2d/cmm/lcms/cmsxform.c
Changeset: 6872cbd08161
Author: ksrini
Date: 2010-03-26 17:58 +0000
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/6872cbd08161
6902299: JAR "unpack200" must verify input parameters
! src/share/native/com/sun/java/util/jar/pack/bytes.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
Changeset: 38c890ba15f8
Author: malenkov
Date: 2010-03-29 18:59 +0100
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/38c890ba15f8
6904691: Applet Trusted Methods Chaining Privilege Escalation Vulnerability
! src/share/classes/java/beans/EventHandler.java
! src/share/classes/java/beans/Statement.java
! test/java/beans/EventHandler/Test6277246.java
! test/java/beans/EventHandler/Test6277266.java
Changeset: e35fbd39456f
Author: bae
Date: 2010-03-29 19:30 +0100
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/e35fbd39456f
6909597: JPEGImageReader stepX Integer Overflow Vulnerability
! src/share/native/sun/awt/image/jpeg/imageioJPEG.c
Changeset: e4e158e12b2b
Author: michaelm
Date: 2010-03-29 19:32 +0100
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/e4e158e12b2b
6910590: Application can modify command array in ProcessBuilder
! src/share/classes/java/lang/ProcessBuilder.java
Changeset: ef2414f6d891
Author: bae
Date: 2010-03-29 19:33 +0100
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/ef2414f6d891
6914823: AWT Library Invalid Index Vulnerability
! src/share/classes/sun/awt/image/ImageRepresentation.java
Changeset: a6da33732b35
Author: bae
Date: 2010-03-29 19:34 +0100
URL: http://hg.openjdk.java.net/icedtea/jdk7/jdk/rev/a6da33732b35
6914866: ImagingLib arbitrary code execution vulnerability
! src/share/native/sun/awt/medialib/awt_ImagingLib.c
! src/share/native/sun/awt/medialib/safe_alloc.h
More information about the icedtea-changes
mailing list