------------------------------------------------------------
revno: 612
committer: Matthias Klose <[email protected]>
branch nick: openjdk7
timestamp: Wed 2017-02-08 10:31:41 +0100
message:
* Remove obsolete changelog entries from previous release.
modified:
changelog
--
lp:~openjdk/openjdk/openjdk7
https://code.launchpad.net/~openjdk/openjdk/openjdk7
=== modified file 'changelog'
--- changelog 2017-02-08 09:16:30 +0000
+++ changelog 2017-02-08 09:31:41 +0000
@@ -35,6 +35,10 @@
dispatch HTTP GET requests where the invoker does not have permission.
- S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
long running sessions are allowed.
+ - S8165344, CVE-2017-3272: A protected field can be leveraged into type
+ confusion.
+ - S8156802, CVE-2017-3241: RMI deserialization should limit the types
+ deserialized to prevent attacks that could escape the sandbox.
* Ignored
- S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
leak information about k.
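Review bot: The commit message describes only a removal of obsolete entries, but this hunk at changelog line 35 removes nothing (6 lines before, 10 after) and adds two security entries, S8165344 / CVE-2017-3272 and S8156802 / CVE-2017-3241, to the list above "* Ignored". Either mention these additions in the commit message or commit them separately, so that anyone auditing which CVEs this upload claims to address can find the change from the log. It is also worth confirming that both fixes are actually present in the packaged source before they are listed as fixed rather than under "* Ignored".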