-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-16294 2010-10-14 06:02:57 --------------------------------------------------------------------------------
Name : java-1.6.0-openjdk Product : Fedora 13 Version : 1.6.0.0 Release : 43.1.8.2.fc13 URL : http://icedtea.classpath.org/ Summary : OpenJDK Runtime Environment Description : The OpenJDK runtime environment. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 7 2010 Jiri Vanek <[email protected]> -1:1.6.0-43.1.8.2 - Imports icedtea6-1.8.2 - changed Release versioning from openjdkver to icedteaver - Resolves: rhbz#533125 - Resolves: rhbz#639876 - Resolves: rhbz#639880 - Resolves: rhbz#639897 - Resolves: rhbz#639904 - Resolves: rhbz#639909 - Resolves: rhbz#639914 - Resolves: rhbz#639920 - Resolves: rhbz#639922 - Resolves: rhbz#639925 - Resolves: rhbz#639951 - Resolves: rhbz#6622002 - Resolves: rhbz#6623943 - Resolves: rhbz#6925672 - Resolves: rhbz#6952017 - Resolves: rhbz#6952603 - Resolves: rhbz#6961084 - Resolves: rhbz#6963285 - Resolves: rhbz#6980004 - Resolves: rhbz#6981426 - Resolves: rhbz#6990437 * Mon Jul 26 2010 Martin Matejovic <[email protected]> -1:1.6.0-42.b18 - Imports icedtea6-1.8.1 - Removed: java-1.6.0-openjdk-plugin.patch - Resolves: rhbz#616893 - Resolves: rhbz#616895 * Mon Jun 14 2010 Martin Matejovic <[email protected]> -1:1.6.0.-41.b18 - Fixed plugin update to IcedTeaPlugin.so - Fixed plugin cpu usage issue - Fixed plugin rewrites ? in URL - Added java-1.6.0-openjdk-plugin.patch - Resovles: rhbz#598353 - Resolves: rhbz#592553 - Resolves: rhbz#602906 * Fri Jun 11 2010 Martin Matejovic <[email protected]> - 1:1.6.0-40.b18 - Rebuild * Tue Jun 8 2010 Martin Matejovic <[email protected]> - 1:1.6.0-39.b18 - Added icedtea6-1.8 - Added openjdk b18 - Added visualvm_122 - Added netbeans-profiler-visualvm_release68_1.tar.gz - Added jdk6-jaf-2009_10_27.zip as SOURCE9 - Added jdk6-jaxp-2009_10_13.zip as SOURCE10 - Added jdk6-jaxws-2009_10_27.zip as SOURCE11 - Added java-1.6.0-openjdk-visualvm-update.patch - Removed java-1.6.0-openjdk-securitypatches-20100323.patch - Removed java-1.6.0-openjdk-linux-globals.patch - Removed java-1.6.0-openjdk-memory-barriers.patch - Resolved: rhbz#595191 - Resovles: rhbz#596850 - Resolves: rhbz#597134 - Resolves: rhbz#580432 -------------------------------------------------------------------------------- References: [ 1 ] Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation https://bugzilla.redhat.com/show_bug.cgi?id=533125 [ 2 ] Bug #642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004) https://bugzilla.redhat.com/show_bug.cgi?id=642202 [ 3 ] Bug #639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564) https://bugzilla.redhat.com/show_bug.cgi?id=639909 [ 4 ] Bug #642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017) https://bugzilla.redhat.com/show_bug.cgi?id=642180 [ 5 ] Bug #642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603) https://bugzilla.redhat.com/show_bug.cgi?id=642187 [ 6 ] Bug #642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002) https://bugzilla.redhat.com/show_bug.cgi?id=642167 [ 7 ] Bug #639880 - CVE-2010-3554 CVE-2010-3561 OpenJDK corba reflection vulnerabilities (6891766,6925672) https://bugzilla.redhat.com/show_bug.cgi?id=639880 [ 8 ] Bug #639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813) https://bugzilla.redhat.com/show_bug.cgi?id=639904 [ 9 ] Bug #639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710) https://bugzilla.redhat.com/show_bug.cgi?id=639897 [ 10 ] Bug #639914 - CVE-2010-3564 OpenJDK kerberos vulnerability (6958060) https://bugzilla.redhat.com/show_bug.cgi?id=639914 [ 11 ] Bug #639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023) https://bugzilla.redhat.com/show_bug.cgi?id=639920 [ 12 ] Bug #642197 - CVE-2010-3567 OpenJDK ICU Opentype layout engine crash (6963285) https://bugzilla.redhat.com/show_bug.cgi?id=642197 [ 13 ] Bug #639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775) https://bugzilla.redhat.com/show_bug.cgi?id=639876 [ 14 ] Bug #639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692) https://bugzilla.redhat.com/show_bug.cgi?id=639925 [ 15 ] Bug #642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426) https://bugzilla.redhat.com/show_bug.cgi?id=642215 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update java-1.6.0-openjdk' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
