[PATCH] b36 Release and retro-active security patch review
Omair Majid
omajid at redhat.com
Fri Jul 31 23:12:58 UTC 2015
* Andrew Hughes <gnu.andrew at redhat.com> [2015-07-30 16:54]:
> Changes since b36 (including both CPU fixes and upstreamed changes):
I assume you meant b35 here.
> - S8043200, PR2485: Decrease the preference mode of RC4 in the enabled cipher suite list
I don't quite follow this patch. If PRESERVE_RC4 is true, doesn't it put
SSL_RSA_WITH_RC4_128_MD5 at the top of the cipher list from its original
lower position?
That said, given that 8043202 removes these RC4 ciphers, it probably
doesn't matter.
> - S8062923: XSL: Run-time internal error in 'substring()'
> - S8062924: XSL: wrong answer from substring() function
This patch has a 'ORACLE PROPRIETARY/CONFIDENTIAL' header.
Looks okay to me otherwise.
Cheers,
Omair
--
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681
More information about the jdk6-dev
mailing list