Mercurial > hg > release > icedtea6-1.7

changeset 1994:1c4624a3afe8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add CVE numbers. 2010-10-11 Andrew John Hughes <ahughes@redhat.com> * NEWS: Add CVE numbers and list 6925672 which is covered by the 6891766 fix.
author andrew
date Mon, 11 Oct 2010 22:31:47 +0100
parents 1cdd796efef3
children 9f1417fbbb12
files ChangeLog NEWS
diffstat 2 files changed, 13 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Mon Oct 11 21:52:05 2010 +0100
+++ b/ChangeLog	Mon Oct 11 22:31:47 2010 +0100
@@ -1,3 +1,8 @@
+2010-10-11  Andrew John Hughes  <ahughes@redhat.com>
+
+	* NEWS: Add CVE numbers and list 6925672
+	which is covered by the 6891766 fix.
+
 2010-10-11  Andrew John Hughes  <ahughes@redhat.com>
 
 	* patches/icedtea-timerqueue.patch:
--- a/NEWS	Mon Oct 11 21:52:05 2010 +0100
+++ b/NEWS	Mon Oct 11 22:31:47 2010 +0100
@@ -21,14 +21,15 @@
   - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution
   - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution
   - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies
-  - S6622002: UIDefault.ProxyLazyValue has unsafe reflection usage
+  - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe reflection usage
   - S6623943: javax.swing.TimerQueue's thread occasionally fails to start
-  - S6952017: HttpURLConnection chunked encoding issue (Http request splitting)
-  - S6952603: NetworkInterface reveals local network address to untrusted code
-  - S6961084: limit setting of some request headers in HttpURLConnection
-  - S6963285: Crash in ICU Opentype layout engine due to mismatch in character counts
-  - S6980004: limit HTTP request cookie headers in HttpURLConnection
-  - S6981426: limit use of TRACE method in HttpURLConnection
+  - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows receiving connections from any host
+  - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue (Http request splitting)
+  - S6952603, CVE-2010-3551: NetworkInterface reveals local network address to untrusted code
+  - S6961084, CVE-2010-3541: limit setting of some request headers in HttpURLConnection
+  - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to mismatch in character counts
+  - S6980004, CVE-2010-3573: limit HTTP request cookie headers in HttpURLConnection
+  - S6981426, CVE-2010-3574: limit use of TRACE method in HttpURLConnection
   - S6990437: Update with correct copyright info for source and test files from SSR10_02 fixes
 * Fixes
   - G244901: Skip test_gamma on hardened (PaX-enabled) kernels