changeset 2626:d7b14b793a5c

List latest security fixes in NEWS.

2013-02-05  Andrew John Hughes  <gnu.andrew@member.fsf.org>

	* NEWS: Updated with latest security fixes.
author Andrew John Hughes <gnu_andrew@member.fsf.org>
date Tue, 05 Feb 2013 09:31:13 +0000
parents 04e3b3ccc887
children 19a65ee9399c
files ChangeLog NEWS
diffstat 2 files changed, 42 insertions(+), 0 deletions(-)
--- a/ChangeLog	Mon Feb 04 16:34:28 2013 +0000
+++ b/ChangeLog	Tue Feb 05 09:31:13 2013 +0000
@@ -1,3 +1,7 @@
+2013-02-05  Andrew John Hughes  <gnu.andrew@member.fsf.org>
+
+	* NEWS: Updated with latest security fixes.
+
 2013-02-04  Andrew John Hughes  <gnu.andrew@member.fsf.org>
 
 	* Makefile.am,
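Review bot: The new ChangeLog entry describes the NEWS update as security fixes only, but the same changeset also adds a Backports section to NEWS (S7175616, the TimeZone fix ported from JDK 8 to JDK 7). Mention the backport in the entry, for example "* NEWS: Updated with latest security fixes and backports.", so the log matches what was changed.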
--- a/NEWS	Mon Feb 04 16:34:28 2013 +0000
+++ b/NEWS	Tue Feb 05 09:31:13 2013 +0000
@@ -12,6 +12,44 @@
 
 New in release 2.3.5 (2013-XX-XX):
 
+* Security fixes
+  - S6563318, CVE-2013-0424: RMI data sanitization
+  - S6664509, CVE-2013-0425: Add logging context
+  - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
+  - S6776941: CVE-2013-0427: Improve thread pool shutdown
+  - S7141694, CVE-2013-0429: Improving CORBA internals
+  - S7173145: Improve in-memory representation of splashscreens
+  - S7186945: Unpack200 improvement
+  - S7186946: Refine unpacker resource usage
+  - S7186948: Improve Swing data validation
+  - S7186952, CVE-2013-0432: Improve clipboard access
+  - S7186954: Improve connection performance
+  - S7186957: Improve Pack200 data validation
+  - S7192392, CVE-2013-0443: Better validation of client keys
+  - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
+  - S7192977, CVE-2013-0442: Issue in toolkit thread
+  - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
+  - S7200491: Tighten up JTable layout code
+  - S7200493, CVE-2013-0444: Improve cache handling
+  - S7200499: Better data validation for options
+  - S7200500: Launcher better input validation
+  - S7201064: Better dialogue checking
+  - S7201066, CVE-2013-0441: Change modifiers on unused fields
+  - S7201068, CVE-2013-0435: Better handling of UI elements
+  - S7201070: Serialization to conform to protocol
+  - S7201071, CVE-2013-0433: InetSocketAddress serialization issue
+  - S8000210: Improve JarFile code quality
+  - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
+  - S8000539, CVE-2013-0431: Introspect JMX data handling
+  - S8000540, CVE-2013-1475: Improve IIOP type reuse management
+  - S8000631, CVE-2013-1476: Restrict access to class constructor
+  - S8001235, CVE-2013-0434: Improve JAXP HTTP handling
+  - S8001242: Improve RMI HTTP conformance
+  - S8001307: Modify ACC_SUPER behavior
+  - S8001972, CVE-2013-1478: Improve image processing
+  - S8002325, CVE-2013-1480: Improve management of images
+* Backports
+  - S7175616: Port fix for TimeZone from JDK 8 to JDK 7
 * Bug fixes
   - Fix build using Zero's HotSpot so all patches apply again.
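Review bot: The entry `S6776941: CVE-2013-0427: Improve thread pool shutdown` separates the bug ID from the CVE with a colon, while every other CVE-bearing entry in this list uses a comma (`S6563318, CVE-2013-0424: ...`). Change it to `S6776941, CVE-2013-0427:` so the list can be parsed and searched with one pattern. Separately, a number of entries under "Security fixes" carry no CVE identifier (S7173145, S7186945, S7186946, S7186948 and others); if that is intentional, a short note in the section saying so would save downstream packagers from assuming the IDs were dropped by mistake.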