Hello community,
here is the log from the commit of package patchinfo.4657 for
openSUSE:13.1:Update checked in at 2016-08-12 08:18:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/patchinfo.4657 (Old)
and /work/SRC/openSUSE:13.1:Update/.patchinfo.4657.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.4657"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="4657">
<packager>fstrba</packager>
<issue tracker="cve" id="2016-3458"></issue>
<issue tracker="cve" id="2016-3485"></issue>
<issue tracker="cve" id="2016-3498"></issue>
<issue tracker="cve" id="2016-3500"></issue>
<issue tracker="cve" id="2016-3503"></issue>
<issue tracker="cve" id="2016-3508"></issue>
<issue tracker="cve" id="2016-3511"></issue>
<issue tracker="cve" id="2016-3550"></issue>
<issue tracker="cve" id="2016-3598"></issue>
<issue tracker="cve" id="2016-3606"></issue>
<issue tracker="cve" id="2016-3610"></issue>
<issue tracker="bnc" id="988651">JVM on PPC64 LE crashes due to an illegal
instruction in JITed code (java-1_8_0-openjdk)</issue>
<issue tracker="bnc" id="989722">VUL-0: CVE-2016-3606:
java-1_8_0-openjdk,java-1_7_0-openjdk: insufficient bytecode verification
(Hotspot, 8155981)</issue>
<issue tracker="bnc" id="989723">VUL-0: CVE-2016-3598: java-1_8_0-openjdk:
incorrect handling of MethodHandles.dropArguments() argument (Libraries,
8155985)</issue>
<issue tracker="bnc" id="989725">VUL-0: CVE-2016-3610: java-1_8_0-openjdk:
insufficient value count check in MethodHandles.filterReturnValue() (Libraries,
8158571)</issue>
<issue tracker="bnc" id="989727">VUL-0: CVE-2016-3511:
java-1_8_0-openjdk,java-1_7_0-openjdk: unspecified vulnerability fixed in 7u111
and 8u101 (Deployment)</issue>
<issue tracker="bnc" id="989728">VUL-0: CVE-2016-3503:
java-1_8_0-openjdk,java-1_7_0-openjdk: unspecified vulnerability fixed in
6u121, 7u111, and 8u101 (Install)</issue>
<issue tracker="bnc" id="989729">VUL-0: CVE-2016-3498:
java-1_8_0-openjdk,java-1_7_0-openjdk: unspecified vulnerability fixed in 7u111
and 8u101 (JavaFX)</issue>
<issue tracker="bnc" id="989730">VUL-0: CVE-2016-3500:
java-1_8_0-openjdk,java-1_7_0-openjdk: maximum XML name limit not applied to
namespace URIs (JAXP, 8148872)</issue>
<issue tracker="bnc" id="989731">VUL-0: CVE-2016-3508:
java-1_8_0-openjdk,java-1_7_0-openjdk: missing entity replacement limits (JAXP,
8149962)</issue>
<issue tracker="bnc" id="989732">VUL-0: CVE-2016-3458:
java-1_8_0-openjdk,java-1_7_0-openjdk: insufficient restrictions on the use of
custom ValueHandler (CORBA, 8079718)</issue>
<issue tracker="bnc" id="989733">VUL-0: CVE-2016-3550:
java-1_8_0-openjdk,java-1_7_0-openjdk: integer overflows in bytecode streams
(Hotspot, 8152479)</issue>
<issue tracker="bnc" id="989734">VUL-0: CVE-2016-3485:
java-1_8_0-openjdk,java-1_7_0-openjdk: weak authentication secret in Pipe
implementation on Windows (Networking, 8145446)</issue>
<category>security</category>
<rating>important</rating>
<summary>Security update for OpenJDK7</summary>
<description>Update to 2.6.7 - OpenJDK 7u111
* Security fixes
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
(bsc#989732)
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows
only) (bsc#989734)
- S8147771: Construction of static protection domains under
Javax custom policy
- S8148872, CVE-2016-3500: Complete name checking (bsc#989730)
- S8149962, CVE-2016-3508: Better delineation of XML processing
(bsc#989731)
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)
- S8155981, CVE-2016-3606: Bolster bytecode verification
(bsc#989722)
- S8155985, CVE-2016-3598: Persistent Parameter Processing
(bsc#989723)
- S8158571, CVE-2016-3610: Additional method handle validation
(bsc#989725)
- CVE-2016-3511 (bsc#989727)
- CVE-2016-3503 (bsc#989728)
- CVE-2016-3498 (bsc#989729)</description>
</patchinfo>
