Mercurial > hg > release > icedtea7-2.3
changeset 2626:d7b14b793a5c
List latest security fixes in NEWS.
2013-02-05 Andrew John Hughes <gnu.andrew@member.fsf.org>
* NEWS: Updated with latest security fixes.
author | Andrew John Hughes <gnu_andrew@member.fsf.org> |
---|---|
date | Tue, 05 Feb 2013 09:31:13 +0000 |
parents | 04e3b3ccc887 |
children | 19a65ee9399c |
files | ChangeLog NEWS |
diffstat | 2 files changed, 42 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Feb 04 16:34:28 2013 +0000 +++ b/ChangeLog Tue Feb 05 09:31:13 2013 +0000 @@ -1,3 +1,7 @@ +2013-02-05 Andrew John Hughes <gnu.andrew@member.fsf.org> + + * NEWS: Updated with latest security fixes. + 2013-02-04 Andrew John Hughes <gnu.andrew@member.fsf.org> * Makefile.am,
--- a/NEWS Mon Feb 04 16:34:28 2013 +0000 +++ b/NEWS Tue Feb 05 09:31:13 2013 +0000 @@ -12,6 +12,44 @@ New in release 2.3.5 (2013-XX-XX): +* Security fixes + - S6563318, CVE-2013-0424: RMI data sanitization + - S6664509, CVE-2013-0425: Add logging context + - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time + - S6776941: CVE-2013-0427: Improve thread pool shutdown + - S7141694, CVE-2013-0429: Improving CORBA internals + - S7173145: Improve in-memory representation of splashscreens + - S7186945: Unpack200 improvement + - S7186946: Refine unpacker resource usage + - S7186948: Improve Swing data validation + - S7186952, CVE-2013-0432: Improve clipboard access + - S7186954: Improve connection performance + - S7186957: Improve Pack200 data validation + - S7192392, CVE-2013-0443: Better validation of client keys + - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages + - S7192977, CVE-2013-0442: Issue in toolkit thread + - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies + - S7200491: Tighten up JTable layout code + - S7200493, CVE-2013-0444: Improve cache handling + - S7200499: Better data validation for options + - S7200500: Launcher better input validation + - S7201064: Better dialogue checking + - S7201066, CVE-2013-0441: Change modifiers on unused fields + - S7201068, CVE-2013-0435: Better handling of UI elements + - S7201070: Serialization to conform to protocol + - S7201071, CVE-2013-0433: InetSocketAddress serialization issue + - S8000210: Improve JarFile code quality + - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class + - S8000539, CVE-2013-0431: Introspect JMX data handling + - S8000540, CVE-2013-1475: Improve IIOP type reuse management + - S8000631, CVE-2013-1476: Restrict access to class constructor + - S8001235, CVE-2013-0434: Improve JAXP HTTP handling + - S8001242: Improve RMI HTTP conformance + - S8001307: Modify ACC_SUPER behavior + - S8001972, CVE-2013-1478: Improve image processing + - S8002325, CVE-2013-1480: Improve management of images +* Backports + - S7175616: Port fix for TimeZone from JDK 8 to JDK 7 * Bug fixes - Fix build using Zero's HotSpot so all patches apply again.