Mercurial > hg > release > icedtea6-1.10
changeset 2289:2c5c2c6f314a
Add CVE numbers.
2010-10-11 Andrew John Hughes <ahughes@redhat.com>
* NEWS: Add CVE numbers and list 6925672
which is covered by the 6891766 fix.
author | andrew |
---|---|
date | Mon, 11 Oct 2010 22:31:47 +0100 |
parents | f4f7b88ae02c |
children | c66cf32a25db |
files | ChangeLog NEWS |
diffstat | 2 files changed, 13 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Oct 11 21:06:13 2010 +0100 +++ b/ChangeLog Mon Oct 11 22:31:47 2010 +0100 @@ -1,3 +1,8 @@ +2010-10-11 Andrew John Hughes <ahughes@redhat.com> + + * NEWS: Add CVE numbers and list 6925672 + which is covered by the 6891766 fix. + 2010-10-11 Andrew John Hughes <ahughes@redhat.com> * patches/icedtea-timerqueue.patch:
--- a/NEWS Mon Oct 11 21:06:13 2010 +0100 +++ b/NEWS Mon Oct 11 22:31:47 2010 +0100 @@ -21,14 +21,15 @@ - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies - - S6622002: UIDefault.ProxyLazyValue has unsafe reflection usage + - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage - S6623943: javax.swing.TimerQueue's thread occasionally fails to start - - S6952017: HttpURLConnection chunked encoding issue (Http request splitting) - - S6952603: NetworkInterface reveals local network address to untrusted code - - S6961084: limit setting of some request headers in HttpURLConnection - - S6963285: Crash in ICU Opentype layout engine due to mismatch in character counts - - S6980004: limit HTTP request cookie headers in HttpURLConnection - - S6981426: limit use of TRACE method in HttpURLConnection + - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host + - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) + - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code + - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection + - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts + - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection + - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection - S6990437: Update with correct copyright info for source and test files from SSR10_02 fixes * Backports from OpenJDK6 - S4356282, RH525870: RFE: T2K should be used to rasterize CID/CFF fonts