Mercurial > hg > release > icedtea6-1.9

changeset 2354:664021245703

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add better descriptions for a couple of security issues. 2011-10-13 Andrew John Hughes <ahughes@redhat.com> * NEWS: Add better descriptions for a couple of security issues.
author Andrew John Hughes <ahughes@redhat.com>
date Thu, 13 Oct 2011 15:31:14 +0100
parents cee8f49929f9
children 17e57c1e0898
files ChangeLog NEWS
diffstat 2 files changed, 7 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Thu Oct 13 15:06:00 2011 +0100
+++ b/ChangeLog	Thu Oct 13 15:31:14 2011 +0100
@@ -1,3 +1,8 @@
+2011-10-13  Andrew John Hughes  <ahughes@redhat.com>
+
+	* NEWS: Add better descriptions for
+	a couple of security issues.
+
 2011-10-13  Andrew John Hughes  <ahughes@redhat.com>
 
 	* NEWS: Add 1.9.10 release date.
--- a/NEWS	Thu Oct 13 15:06:00 2011 +0100
+++ b/NEWS	Thu Oct 13 15:31:14 2011 +0100
@@ -18,8 +18,8 @@
   - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
   - S7055902, CVE-2011-3521: IIOP deserialization code execution
   - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
-  - S7064341, CVE-2011-3389: JSSE
-  - S7070134, CVE-2011-3558: Hotspot unspecified issue
+  - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
+  - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
   - S7077466, CVE-2011-3556: RMI DGC server remote code execution
   - S7083012, CVE-2011-3557: RMI registry privileged code execution
   - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection