Mercurial > hg > release > icedtea6-1.13

changeset 3158:98dcce0066c5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add CVE information to NEWS. 2014-07-15 Andrew John Hughes <gnu.andrew@redhat.com> * NEWS: Move D-I-D fixes into security list. Add CVE numbers.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Tue, 15 Jul 2014 18:17:57 +0100
parents a359fcb9891d
children 5749b9d7b329
files ChangeLog NEWS
diffstat 2 files changed, 27 insertions(+), 21 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Tue Jul 15 17:54:05 2014 +0100
+++ b/ChangeLog	Tue Jul 15 18:17:57 2014 +0100
@@ -1,3 +1,9 @@
+2014-07-15  Andrew John Hughes  <gnu.andrew@redhat.com>
+
+	* NEWS:
+	Move D-I-D fixes into security list.
+	Add CVE numbers.
+
 2014-07-15  Omair Majid  <omajid@redhat.com>
 
 	* NEWS: Add a section for 1.13.5
--- a/NEWS	Tue Jul 15 17:54:05 2014 +0100
+++ b/NEWS	Tue Jul 15 18:17:57 2014 +0100
@@ -17,17 +17,27 @@
 New in release 1.13.4 (2014-07-15):
 
 * Security fixes
-  - S8029755: Enhance subject class
-  - S8031346: Enhance RSA key handling
-  - S8033301: Build more informative InfoBuilder
-  - S8035004: Provider provides less service
-  - S8035009: Make Proxy representations consistent
-  - S8035119: Fix exceptions to bytecode verification
-  - S8035699: File choosers should be choosier
-  - S8037076: Check constant pool constants
-  - S8037162: More robust DH exchanges
-  - S8037167: Better method signature resolution
-  - S8039520: More atomicity of atomic updates
+  - S8029755, CVE-2014-4209: Enhance subject class
+  - S8030763: Validate global memory allocation
+  - S8031346, CVE-2014-4244: Enhance RSA key handling
+  - S8031540: Introduce document horizon
+  - S8032536: JVM resolves wrong method in some unusual cases
+  - S8033055: Issues in 2d
+  - S8033301, CVE-2014-4266: Build more informative InfoBuilder
+  - S8034267: Probabilistic native crash
+  - S8034272: Do not cram data into CRAM arrays
+  - S8035004, CVE-2014-4252: Provider provides less service
+  - S8035009, CVE-2014-4218: Make Proxy representations consistent
+  - S8035119, CVE-2014-4219: Fix exceptions to bytecode verification
+  - S8035699, CVE-2014-4268: File choosers should be choosier
+  - S8036571: (process) Process process arguments carefully
+  - S8036800: Attribute OOM to correct part of code
+  - S8037046: Validate libraries to be loaded
+  - S8037157: Verify <init> call
+  - S8037076, CVE-2014-2490: Check constant pool constants
+  - S8037162, CVE-2014-4263: More robust DH exchanges
+  - S8037167, CVE-2014-4216: Better method signature resolution
+  - S8039520, CVE-2014-4262: More atomicity of atomic updates
 * Import of OpenJDK6 b32
   - OP32: OpenJDK6-b31 isn't compatible with Windows platform
   - OJ33: Update copyright headers introduced by the fix for OPENJDK6-32
@@ -39,16 +49,6 @@
   - S8028111: XML readers share the same entity expansion counter
   - S8028285: RMI Thread can no longer call out to AWT
   - S8029038: Revise fix for XML readers share the same entity expansion counter
-  - S8030763: Validate global memory allocation
-  - S8031540: Introduce document horizon
-  - S8032536: JVM resolves wrong method in some unusual cases
-  - S8033055: Issues in 2d
-  - S8034267: Probabilistic native crash
-  - S8034272: Do not cram data into CRAM arrays
-  - S8036571: (process) Process process arguments carefully
-  - S8036800: Attribute OOM to correct part of code
-  - S8037046: Validate libraries to be loaded
-  - S8037157: Verify <init> call
   - S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTest.html fails on Windows x64
   - S8042590: Running form URL throws NPE
   - S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader