Security fixes in b19 - Re: hg: jdk6/jdk6/jdk: 23 new changesets

Joe Darcy joe.darcy at oracle.com
Tue Apr 6 13:40:39 PDT 2010


Joe Darcy wrote:
> Andrew John Hughes wrote:
>> On 6 April 2010 17:34, Joe Darcy <joe.darcy at oracle.com> wrote:
>>  
>>> Andrew John Hughes wrote:
>>>    
>>>> On 31 March 2010 00:52, Andrew John Hughes <ahughes at redhat.com> wrote:
>>>>
>>>>> On 31 March 2010 00:46, Joe Darcy <joe.darcy at oracle.com> wrote:
>>>>>
>>>>>> The latest round of security fixes are now in the OpenJDK 6 master
>>>>>> repositories.
>>>>>>
>>>>> And IcedTea6 1.6, 1.7, 1.8, HEAD and IcedTea7 :-)
>>>>>
>>>> Joe, where are the fixes for the HotSpot tree?  See top of
>>>> http://hg.openjdk.java.net/icedtea/jdk7/hotspot
>>>>
>>> This time around, all the security fixes were in the jdk repository.
>>>
>>> -Joe
>>>
>>
>> Err... no they weren't...
>>
>> 6626217: Loader-constraint table allows arrays instead of only the
>> base-classes (CVE-2010-0082)
>> 6892265: System.arraycopy unable to reference elements beyond
>> Integer.MAX_VALUE bytes (CVE-2010-0093)
>> 6894807: No ClassCastException for HashAttributeSet constructors if
>> run with -Xcomp (CVE-2010-0845)
>>
>> and
>>
>> 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
>>
>> due to a breakage caused by one of the above.
>>   
>
> Hmm, let me check into that...
>

Thanks for catching this; the remaining security fixes are on the way.
(The rebasing of the HotSpot repo caused a hiccup in the security
integration process which will be corrected.)

-Joe


More information about the jdk6-dev mailing list