# HG changeset patch # User andrew # Date 1286832707 -3600 # Node ID 1c4624a3afe86ad3c283db632c43614fb0995476 # Parent 1cdd796efef3faa964d20ad7803800d1ccec7ba9 Add CVE numbers. 2010-10-11 Andrew John Hughes * NEWS: Add CVE numbers and list 6925672 which is covered by the 6891766 fix. diff -r 1cdd796efef3 -r 1c4624a3afe8 ChangeLog --- a/ChangeLog Mon Oct 11 21:52:05 2010 +0100 +++ b/ChangeLog Mon Oct 11 22:31:47 2010 +0100 @@ -1,3 +1,8 @@ +2010-10-11 Andrew John Hughes + + * NEWS: Add CVE numbers and list 6925672 + which is covered by the 6891766 fix. + 2010-10-11 Andrew John Hughes * patches/icedtea-timerqueue.patch: diff -r 1cdd796efef3 -r 1c4624a3afe8 NEWS --- a/NEWS Mon Oct 11 21:52:05 2010 +0100 +++ b/NEWS Mon Oct 11 22:31:47 2010 +0100 
@@ -21,14 +21,15 @@ - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies - - S6622002: UIDefault.ProxyLazyValue has unsafe reflection usage + - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage - S6623943: javax.swing.TimerQueue's thread occasionally fails to start - - S6952017: HttpURLConnection chunked encoding issue (Http request splitting) - - S6952603: NetworkInterface reveals local network address to untrusted code - - S6961084: limit setting of some request headers in HttpURLConnection - - S6963285: Crash in ICU Opentype layout engine due to mismatch in character counts - - S6980004: limit HTTP request cookie headers in HttpURLConnection - - S6981426: limit use of TRACE method in HttpURLConnection + - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host + - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting) + - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code + - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection + - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts + - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection + - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection - S6990437: Update with correct copyright info for source and test files from SSR10_02 fixes * Fixes - G244901: Skip test_gamma on hardened (PaX-enabled) kernels
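Review bot: In the ChangeLog hunk, the new entry says only "Add CVE numbers" and names none of the identifiers added to NEWS, so searching ChangeLog for a given id (for example CVE-2010-3561) will not lead to this changeset. Consider listing the bug id and CVE pairs in the entry, or at least the bug ids that gained a CVE number.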
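Review bot: In the NEWS hunk, the added "S6925672, CVE-2010-3561" line gives no hint that it is covered by the 6891766 fix, although the commit message and the ChangeLog entry both say so, and no line in the visible context mentions 6891766; a reader of NEWS would look for a separate patch. Suggest appending a short note to that line, such as "(covered by the 6891766 fix)". Also, S6623943 and S6990437 remain without a CVE id while every other entry shown in this list now carries one; if they are not security issues, say so or move them out of this list. Minor: "Http request splitting" on the S6952017 line could read "HTTP" to match the neighbouring HttpURLConnection entries.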