----- Original Message -----
> We have a new release of IcedTea [0] and a new OpenJDK 6 release, b36
> to go with it. This is made from the current state of the OpenJDK 6
> repositories plus backports of the new security fixes included in 7u85
> & 8u51.
>
> The tarballs are available here:
>
> https://java.net/projects/openjdk6/downloads/download/openjdk-6-src-b36-22_jul_2015.tar.gz
> https://java.net/projects/openjdk6/downloads/download/openjdk-6-src-b36-22_jul_2015.tar.xz
>
> SHA256 checksums:
>
> 9616b2365734ad34b0837dc99ba604513f9a12b602aadfdf334e46f9d59dac55  openjdk-6-src-b36-22_jul_2015.tar.gz
> c9df23d208b3b61f5f57c030accca2f7b3218a97bd140668506265ececdf26f4  openjdk-6-src-b36-22_jul_2015.tar.xz
>
> Changes since b36 (including both CPU fixes and upstreamed changes):
>
> * Security fixes
>   - S8043202, CVE-2015-2808: Prohibit RC4 cipher suites
>   - S8067694, CVE-2015-2625: Improved certification checking
>   - S8071715, CVE-2015-4760: Tune font layout engine
>   - S8071731: Better scaling for C1
>   - S8072490: Better font morphing redux
>   - S8072887: Better font handling improvements
>   - S8073334: Improved font substitutions
>   - S8073773: Presume path preparedness
>   - S8073894: Getting to the root of certificate chains
>   - S8074330: Set font anchors more solidly
>   - S8074335: Substitute for substitution formats
>   - S8074865, CVE-2015-2601: General crypto resilience changes
>   - S8074871: Adjust device table handling
>   - S8075374, CVE-2015-4748: Responding to OCSP responses
>   - S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling
>   - S8075738: Better multi-JVM sharing
>   - S8075838: Method for typing MethodTypes
>   - S8075853, CVE-2015-2621: Proxy for MBean proxies
>   - S8076328, CVE-2015-4000: Enforce key exchange constraints
>   - S8076376, CVE-2015-2628: Enhance IIOP operations
>   - S8076397, CVE-2015-4731: Better MBean connections
>   - S8076401, CVE-2015-2590: Serialize OIS data
>   - S8076405, CVE-2015-4732: Improve serial serialization
>   - S8076409, CVE-2015-4733: Reinforce RMI framework
>   - S8077520, CVE-2015-2632: Morph tables into improved form
>   - PR2488, CVE-2015-4000: Make jdk8 mode the default for jdk.tls.ephemeralDHKeySize

Copy and paste error; PR2488 is IcedTea-only as it depends on the backport of
S6956398, PR2486: make ephemeral DH key match the length of the certificate key.
b37 maybe?

OJ60 should be under security fixes really. It's a fix for the FREAK issue;
CVE-2015-0204: Disable export ciphers by default

-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07