pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang/sun-jre6
Module Name: pkgsrc
Committed By: abs
Date: Sun Nov 22 19:27:21 UTC 2009
Modified Files:
pkgsrc/lang/sun-jre6: Makefile distinfo
Log Message:
Updated lang/sun-jre6 to 6.0.17
6u17 contains Olson time zone data version 2009m. For more information, refer
to Timezone Data Versions in the JRE Software .
Security Baseline
6u17 specifies the following security baselines for use with Java Plug-in
technology:
JRE Family Version Java SE
Security Baseline Java SE for Business
Security Baseline 6 1.6.0_17 1.6.0_17
5.0 1.5.0_22 1.5.0_22
1.4.2 1.4.2_19 1.4.2_24
Root Certificates
Root Certificates are included in this release.
* Added one new root certificate for SECOM. (Refer to 6872579.)
* Added one new root certificate for GlobalSign. (Refer to 6860447.)
Bug Fixes
This release contains fixes for one or more security vulnerabilities.
For more information, please see Sun Alerts 269868, 269869, 269870,
270474, 270475, and 270476.
Bug fixes for vulnerabilities are listed in the following table.
BugId Category Subcategory Description 6631533 java
classes_2d ICC_Profile allows detecting if some files exist
6815780 java classes_2d TrueType font parsing crash when
stressing Sun Bug 6751322 test case
6822057 java classes_2d X11 and Win32GraphicsDevice don't clone
arrays returned from getConfigurations()
6862969 java classes_2d JPEG JFIF Decoder issue
6862970 java classes_2d Image Color Profile parsing issue
6872357 java classes_2d JRE AWT setDifflCM vulnerable to Stack
Overflow
6872358 java classes_2d JRE AWT setBytePixels vulnerable to
Heap Overflow
6664512 java classes_awt Component and
[Default]KeyboardFocusManager pass security sensitive objects to loggers
6636650 java classes_lang (cl) Resurrected ClassLoaders can still
have children
6861062 java classes_security Disable MD2 in certificate
chain validation
6863503 java classes_security SECURITY: MessageDigest.isEqual
introduces timing attack vulnerabilities
6864911 java classes_security ASN.1/DER input stream parser
needs more work
6854303 java classes_sound Sun Java HsbParser.getSoundBank Stack
Buffer Overflow Vulnerability
6657026 java classes_swing Numerous static security flaws in Swing
(findbugs)
6657138 java classes_swing Mutable statics in Windows PL&F
(findbugs)
6824265 java classes_util_i18n (tz) TimeZone.getTimeZone
allows probing local filesystem
6632445 java imageio DoS from parsing BMPs with UNC ICC links
6862968 java imageio JPEG Image Writer quantization problem
6874643 java imageio ImageI/O JPEG is vulnerable to Heap
Overflow
6869694 java install java update malfunctioning
6869752 java_deployment deployment_toolkit Deployment
Toolkit plugin "launch" method vulnerable to exploits
6872824 javawebstart general arbitary code execution using
java web start
6870531 javawebstart other REGRESSION:have problem to run JNLP app
and applets with signed Jar files
Other bug fixes are listed in the following table.
BugId Category Subcategory Description 6842999 hotspot
runtime_system Update hotspot windows os_win32 for windows 2008 R2
6804454 java classes_2d RFE: Provide a way to control the
printing dpi resolution from MSIE browser print. See also 6801859
6813208 java classes_awt pageDialog throws NPE from applet
6825342 java classes_awt Security warning may change Z-order of
top-level
6843003 java classes_lang Windows Server 2008 R2 system
recognition
6860447 java classes_security Add GlobalSign R3 Root
certificate to the JDK
6872579 java classes_security Add SECOM Root CA 2 to JDK
6880110 java classes_util_i18n (tz) Support tzdata2009m
6814140 java classes_util_logging deadlock due to synchronized
demandLogger() code that locks ServerLogManager
6879614 jaxp parse
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl failing to parse
xml document
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 pkgsrc/lang/sun-jre6/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/sun-jre6/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index