Security fixes in b19 - Re: hg: jdk6/jdk6/jdk: 23 new changesets
Andrew John Hughes
ahughes at redhat.com
Tue Apr 6 10:43:04 PDT 2010
On 6 April 2010 17:34, Joe Darcy <joe.darcy at oracle.com> wrote:
> Andrew John Hughes wrote:
>>
>> On 31 March 2010 00:52, Andrew John Hughes <ahughes at redhat.com> wrote:
>>
>>>
>>> On 31 March 2010 00:46, Joe Darcy <joe.darcy at oracle.com> wrote:
>>>
>>>>
>>>> The latest round of security fixes are now in the OpenJDK 6 master
>>>> repositories.
>>>>
>>>>
>>>
>>> And IcedTea6 1.6, 1.7, 1.8, HEAD and IcedTea7 :-)
>>>
>>>
>>
>> Joe, where are the fixes for the HotSpot tree? See top of
>> http://hg.openjdk.java.net/icedtea/jdk7/hotspot
>>
>>
>
> This time around, all the security fixes were in the jdk repository.
>
> -Joe
>
Err... no they weren't...
6626217: Loader-constraint table allows arrays instead of only the
base-classes (CVE-2010-0082)
6892265: System.arraycopy unable to reference elements beyond
Integer.MAX_VALUE bytes (CVE-2010-0093)
6894807: No ClassCastException for HashAttributeSet constructors if
run with -Xcomp (CVE-2010-0845)
and
6932480: Crash in CompilerThread/Parser. Unloaded array klass?
due to a breakage caused by one of the above.
--
Andrew :-)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the jdk6-dev
mailing list