Mercurial > hg > release > icedtea6-1.12
changeset 2709:5b8d816b6f79
Add release notes for 1.8.10, 1.9.10 and 1.10.4 security updates.
2010-10-19 Andrew John Hughes <ahughes@redhat.com>
* NEWS: Add release notes for 1.8.10,
1.9.10 and 1.10.4 security updates.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Wed, 19 Oct 2011 03:36:58 +0100 |
parents | 70d0a6e234ed |
children | 769602222e65 |
files | ChangeLog NEWS |
diffstat | 2 files changed, 72 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Oct 18 11:34:31 2011 +0200 +++ b/ChangeLog Wed Oct 19 03:36:58 2011 +0100 @@ -1,3 +1,8 @@ +2010-10-19 Andrew John Hughes <ahughes@redhat.com> + + * NEWS: Add release notes for 1.8.10, + 1.9.10 and 1.10.4 security updates. + 2011-10-18 Xerxes RĂ„nby <xerxes@zafena.se> CACAO
--- a/NEWS Tue Oct 18 11:34:31 2011 +0200 +++ b/NEWS Wed Oct 19 03:36:58 2011 +0100 @@ -21,7 +21,7 @@ - PR752: ImageFormatException extends Exception not RuntimeException - PR732: Use xsltproc for bootstrap xslt in place of Xerces/Xalan - RH727195: Japanese font mappings are broken -* Import of OpenJDK6 b22 including upgrade to HotSpot 20 +* Import of OpenJDK6 b23 including upgrade to HotSpot 20 - S7023111: Add webrev script to make/scripts - S6909331: Add vsvars.sh to the jdk repository (handy cygwin way to get vcvars32.bat run) - S6896934: README: Document how the drop source bundles work for jaxp/jaxws @@ -438,6 +438,72 @@ - PR690: Shark fails to JIT using hs20. - PR696: Zero fails to handle fast_aldc and fast_aldc_w in hs20. +New in release 1.10.4 (2011-10-18): + +* Security fixes + - S7000600, CVE-2011-3547: InputStream skip() information leak + - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor + - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow + - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager + - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak + - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine + - S7055902, CVE-2011-3521: IIOP deserialization code execution + - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks + - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) + - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer + - S7077466, CVE-2011-3556: RMI DGC server remote code execution + - S7083012, CVE-2011-3557: RMI registry privileged code execution + - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection +* Bug fixes + - RH727195: Japanese font mappings are broken +* Backports + - S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog +* Zero/Shark + - PR690: Shark fails to JIT using hs20. + - PR696: Zero fails to handle fast_aldc and fast_aldc_w in hs20. + +New in release 1.9.10 (2011-10-18): + +* Security fixes + - S7000600, CVE-2011-3547: InputStream skip() information leak + - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor + - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow + - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager + - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak + - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine + - S7055902, CVE-2011-3521: IIOP deserialization code execution + - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks + - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) + - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer + - S7077466, CVE-2011-3556: RMI DGC server remote code execution + - S7083012, CVE-2011-3557: RMI registry privileged code execution + - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection +* NetX + - PR794: javaws does not work if a Web Start app jar has a Class-Path element in the manifest +* Fixes + - G356743: Support libpng 1.5. + +New in release 1.8.10 (2011-10-18): + +* Security fixes + - S7000600, CVE-2011-3547: InputStream skip() information leak + - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor + - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow + - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager + - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak + - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine + - S7055902, CVE-2011-3521: IIOP deserialization code execution + - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks + - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) + - S7077466, CVE-2011-3556: RMI DGC server remote code execution + - S7083012, CVE-2011-3557: RMI registry privileged code execution + - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection +* NetX + - PR794: javaws does not work if a Web Start app jar has a Class-Path element in the manifest + - PR764: icedtea 1.8.9 fails to build in CachedJarFileCallback.java +* Fixes + - G356743: Support libpng 1.5. + New in release 1.10.2 (2011-06-07): * Security fixes