# HG changeset patch
# User Andrew John Hughes <ahughes@redhat.com>
# Date 1318516274 -3600
# Node ID 66402124570384413d6639895083daf989da90bd
# Parent  cee8f49929f913dd362f370336ef23890484e614
Add better descriptions for a couple of security issues.

2011-10-13  Andrew John Hughes  <ahughes@redhat.com>

	* NEWS: Add better descriptions for
	a couple of security issues.

diff -r cee8f49929f9 -r 664021245703 ChangeLog
--- a/ChangeLog	Thu Oct 13 15:06:00 2011 +0100
+++ b/ChangeLog	Thu Oct 13 15:31:14 2011 +0100
@@ -1,3 +1,8 @@
+2011-10-13  Andrew John Hughes  <ahughes@redhat.com>
+
+	* NEWS: Add better descriptions for
+	a couple of security issues.
+
 2011-10-13  Andrew John Hughes  <ahughes@redhat.com>
 
 	* NEWS: Add 1.9.10 release date.
diff -r cee8f49929f9 -r 664021245703 NEWS
--- a/NEWS	Thu Oct 13 15:06:00 2011 +0100
+++ b/NEWS	Thu Oct 13 15:31:14 2011 +0100
@@ -18,8 +18,8 @@
   - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
   - S7055902, CVE-2011-3521: IIOP deserialization code execution
   - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
-  - S7064341, CVE-2011-3389: JSSE
-  - S7070134, CVE-2011-3558: Hotspot unspecified issue
+  - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
+  - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
   - S7077466, CVE-2011-3556: RMI DGC server remote code execution
   - S7083012, CVE-2011-3557: RMI registry privileged code execution
   - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection