changeset 2024:a0120629678b icedtea6-1.8

Update NEWS for icedtea6-1.8
author doko@ubuntu.com
date Wed, 14 Apr 2010 12:21:03 +0200
parents 7441b5622149
children d1ad52447673
files NEWS
diffstat 1 files changed, 30 insertions(+), 1 deletions(-)
--- a/NEWS	Mon Apr 12 22:34:32 2010 +0100
+++ b/NEWS	Wed Apr 14 12:21:03 2010 +0200
@@ -1,4 +1,4 @@
-New in release 1.8 (2010-XX-XX):
+New in release 1.8 (2010-04-13):
 
 - Updated to OpenJDK6 b18.
   - Nimbus Look 'n' Feel backported from OpenJDK7.
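Review bot: The date set on the `+New in release 1.8 (2010-04-13):` line is one day earlier than this changeset's own date (Wed, 14 Apr 2010), so please confirm that 2010-04-13 is the date the release was actually cut. If the release is made from this changeset or a later one, the header should carry that date instead.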
@@ -42,6 +42,35 @@
   - For ARM, add Thumb2 JIT.
   - Fixed Shark sharkCompiler mattr memory corruption bug when using llvm 2.7.
 
+New in release 1.7.2 (2010-03-31):
+
+- Latest security updates and hardening patches:
+  - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299)
+  - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)
+  - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
+  - (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217)
+  - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
+  - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390)
+  - (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703)
+  - (CVE-2010-0088): Inflater/Deflater clone issues (6745393)
+  - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
+  - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
+  - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
+  - (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
+  - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
+  - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823)
+  - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866)
+  - (CVE-2009-3555): TLS: MITM attacks via session renegotiation
+  - 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
+  - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
+  - 6910590: Application can modify command array in ProcessBuilder
+  - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability
+  - 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
+- Backport of 6822370:
+  ReentrantReadWriteLock: threads hung when there are no threads holding onto the lock
+- Increase ThreadStackSize by 512kb on 32-bit Zero platforms
+- Check cacerts database is valid
+
 New in release 1.7.1 (2010-02-26):
 
 Bug fixes
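Review bot: The new 1.7.2 list mixes entry formats, which makes it harder to search and to map fixes to advisories: the first fifteen items read `(CVE-id): title (bug id)`, the CVE-2009-3555 item has no bug id, and the five items from 6639665 to 6932480 read `bug id: title` with no CVE. Suggest one layout for all entries, with the items that have no CVE assigned marked as such, and the bug id added to the TLS renegotiation entry if one exists. Minor points in the same hunk: the `Policy/PolicyFile leak dynamic ProtectionDomains.` entry is the only one with a trailing period, and the commit message mentions only 1.8 although most of the 30 added lines are the 1.7.2 section, so the description should say that the 1.7.2 notes are being merged in.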