diff options
author | Timo Teräs <timo.teras@iki.fi> | 2011-11-11 08:23:22 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2011-11-11 08:23:22 +0200 |
commit | 0389c0810effbe38de6d05d68e3ab6bb08a8aaef (patch) | |
tree | d448a18e10ec15196e7999047943f621693e5d62 /main/net-snmp/netsnmp-swinst-crash.patch | |
parent | 2962b2178b5ab294ca1b3d61e8e1037253ec85f4 (diff) | |
download | aports-0389c0810effbe38de6d05d68e3ab6bb08a8aaef.tar.bz2 aports-0389c0810effbe38de6d05d68e3ab6bb08a8aaef.tar.xz |
main/openjdk6: security upgrade icedtea6 to 1.10.4
ref #802
icedtea6 1.10.4 includes patches for the following security issues:
CVE-2011-3547: InputStream skip() information leak
CVE-2011-3548: mutable static AWTKeyStroke.ctor
CVE-2011-3551: Java2D TransformHelper integer overflow
CVE-2011-3552: excessive default UDP socket limit under SecurityManager
CVE-2011-3553: JAX-WS stack-traces information leak
CVE-2011-3544: missing SecurityManager checks in scripting engine
CVE-2011-3521: IIOP deserialization code execution
CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
CVE-2011-3556: RMI DGC server remote code execution
CVE-2011-3557: RMI registry privileged code execution
CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
icedtea6 1.10.2 security patches (since upgrading from icedtea6 1.10.1):
CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win)
CVE-2011-0865: Vulnerability in deserialization
CVE-2011-0815: Heap overflow vulnerability in FileDialog.show()
CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
CVE-2011-0867: NetworkInterface.toString can reveal bindings
CVE-2011-0869: Vulnerability in SAAJ
CVE-2011-0870: Vulnerability in SAAJ
CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero
CVE-2011-0871: ImageIcon creates Component with null acc
CVE-2011-0864: JSR rewriting can overflow memory address size variables
Diffstat (limited to 'main/net-snmp/netsnmp-swinst-crash.patch')
0 files changed, 0 insertions, 0 deletions