changeset 82:ee7a2e5e3849

RH663680, CVE-2010-4351: JNLP SecurityManager bypass

2010-12-16 Omair Majid <omajid@redhat.com>

RH663680, CVE-2010-4351:
* NEWS: List issue.
* netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
Make sure SecurityException is thrown if necessary.
author Deepak Bhole <dbhole@redhat.com>
date Tue, 18 Jan 2011 12:07:45 -0500
parents b3647620fa41
children 71d6595e800c
files ChangeLog NEWS netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
diffstat 3 files changed, 10 insertions(+), 0 deletions(-)
--- a/ChangeLog	Fri Jan 07 08:08:41 2011 -0500
+++ b/ChangeLog	Tue Jan 18 12:07:45 2011 -0500
@@ -25,6 +25,13 @@
 	skipped.
 	* NEWS: Updated.
 
+2010-12-16 Omair Majid <omajid@redhat.com>
+
+	RH663680, CVE-2010-4351:
+	* NEWS: List issue.
+	* netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
+	Make sure SecurityException is thrown if necessary. 
+
 2010-12-14  Andrew John Hughes  <ahughes@redhat.com>
 
 	* Makefile.am:
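Review bot: the added entry's description for JNLPSecurityManager.java, "Make sure SecurityException is thrown if necessary", does not say which method or which permission types are affected. Naming the method and the SecurityPermission and RuntimePermission branches would let someone reading the ChangeLog tell what the CVE-2010-4351 fix actually changed. The last added line also ends in trailing whitespace.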
--- a/NEWS	Fri Jan 07 08:08:41 2011 -0500
+++ b/NEWS	Tue Jan 18 12:07:45 2011 -0500
@@ -28,5 +28,6 @@
   - Add a new option -Xclearcache
   - Interfaces javax.jnlp.IntegrationService and javax.jnlp.DownloadService2 are now available
   - PR592: NetX can create invalid desktop entry files
+  - RH663680, CVE-2010-4351: IcedTea JNLP SecurityManager bypass
 * Control Panel
   - Modifications to deployments.properties file can now be done through a GUI
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Fri Jan 07 08:08:41 2011 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Tue Jan 18 12:07:45 2011 -0500
@@ -313,6 +313,7 @@
                     }
 
                 } else if (perm instanceof SecurityPermission) {
+                    tmpPerm = perm;
 
                     // JCE's initialization requires putProviderProperty permission
                     if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
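Review bot: the `tmpPerm = perm;` at the top of the `SecurityPermission` branch is a per-branch assignment, and the next hunk has to repeat it for `RuntimePermission`, so every branch added to this chain later must remember the same line. If the check after the chain reads tmpPerm, consider assigning `tmpPerm = perm;` once before the `if`/`else if` chain and letting a branch override it only when it needs a different permission, so that checking the requested permission is the default. The changeset touches only ChangeLog, NEWS and this file; a regression test that requests a SecurityPermission and a RuntimePermission and expects a SecurityException would keep the fix from silently regressing.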
@@ -322,6 +323,7 @@
                     }
 
                 } else if (perm instanceof RuntimePermission) {
+                    tmpPerm = perm;
 
                     // KeyGenerator's init method requires internal spec access
                     if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
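Review bot: the condition on the last line of this hunk sits inside the `perm instanceof RuntimePermission` branch but compares perm with `new SecurityPermission("accessClassInPackage.sun.security.internal.spec")`. BasicPermission.equals requires both objects to be of the same class, so a RuntimePermission can never equal it and the KeyGenerator exemption described in the comment is dead code. Since this hunk now routes every RuntimePermission through tmpPerm, decide which behaviour is intended: if the exemption is needed, compare against `new RuntimePermission(...)` with the same name; if not, remove the condition and its comment.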