Security fixes in b19 - Re: hg: jdk6/jdk6/jdk: 23 new changesets

Joe Darcy joe.darcy at oracle.com
Tue Apr 6 11:08:34 PDT 2010


Andrew John Hughes wrote:
> On 6 April 2010 17:34, Joe Darcy <joe.darcy at oracle.com> wrote:
>   
>> Andrew John Hughes wrote:
>>     
>>> On 31 March 2010 00:52, Andrew John Hughes <ahughes at redhat.com> wrote:
>>>
>>>       
>>>> On 31 March 2010 00:46, Joe Darcy <joe.darcy at oracle.com> wrote:
>>>>
>>>>         
>>>>> The latest round of security fixes are now in the OpenJDK 6 master
>>>>> repositories.
>>>>>
>>>>>
>>>>>           
>>>> And IcedTea6 1.6, 1.7, 1.8, HEAD and IcedTea7 :-)
>>>>
>>>>
>>>>         
>>> Joe, where are the fixes for the HotSpot tree?  See top of
>>> http://hg.openjdk.java.net/icedtea/jdk7/hotspot
>>>
>>>
>>>       
>> This time around, all the security fixes were in the jdk repository.
>>
>> -Joe
>>
>>     
>
> Err... no they weren't...
>
> 6626217: Loader-constraint table allows arrays instead of only the
> base-classes (CVE-2010-0082)
> 6892265: System.arraycopy unable to reference elements beyond
> Integer.MAX_VALUE bytes (CVE-2010-0093)
> 6894807: No ClassCastException for HashAttributeSet constructors if
> run with -Xcomp (CVE-2010-0845)
>
> and
>
> 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
>
> due to a breakage caused by one of the above.
>   

Hmm, let me check into that...

-Joe

