Mercurial > hg > release > icedtea6-1.8
changeset 2024:a0120629678b icedtea6-1.8
Update NEWS for icedtea6-1.8
author | doko@ubuntu.com |
---|---|
date | Wed, 14 Apr 2010 12:21:03 +0200 |
parents | 7441b5622149 |
children | d1ad52447673 |
files | NEWS |
diffstat | 1 files changed, 30 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/NEWS Mon Apr 12 22:34:32 2010 +0100 +++ b/NEWS Wed Apr 14 12:21:03 2010 +0200 @@ -1,4 +1,4 @@ -New in release 1.8 (2010-XX-XX): +New in release 1.8 (2010-04-13): - Updated to OpenJDK6 b18. - Nimbus Look 'n' Feel backported from OpenJDK7. @@ -42,6 +42,35 @@ - For ARM, add Thumb2 JIT. - Fixed Shark sharkCompiler mattr memory corruption bug when using llvm 2.7. +New in release 1.7.2 (2010-03-31): + +- Latest security updates and hardening patches: + - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299) + - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807) + - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653) + - (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217) + - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954) + - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390) + - (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703) + - (CVE-2010-0088): Inflater/Deflater clone issues (6745393) + - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains. (6633872) + - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149) + - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) + - (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265) + - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691) + - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823) + - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866) + - (CVE-2009-3555): TLS: MITM attacks via session renegotiation + - 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups + - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs + - 6910590: Application can modify command array in ProcessBuilder + - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability + - 6932480: Crash in CompilerThread/Parser. Unloaded array klass? +- Backport of 6822370: + ReentrantReadWriteLock: threads hung when there are no threads holding onto the lock +- Increase ThreadStackSize by 512kb on 32-bit Zero platforms +- Check cacerts database is valid + New in release 1.7.1 (2010-02-26): Bug fixes