CVS commit: pkgsrc/lang/sun-jre6

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/sun-jre6
From: David Brownlee <abs%netbsd.org@localhost>
Date: Sun, 22 Nov 2009 19:27:21 +0000

Module Name:    pkgsrc
Committed By:   abs
Date:           Sun Nov 22 19:27:21 UTC 2009

Modified Files:
        pkgsrc/lang/sun-jre6: Makefile distinfo

Log Message:
Updated lang/sun-jre6 to 6.0.17

6u17 contains Olson time zone data version 2009m. For more information, refer 
to Timezone Data Versions in the JRE Software .

Security Baseline

6u17 specifies the following security baselines for use with Java Plug-in 
technology:
JRE Family Version      Java SE
Security Baseline       Java SE for Business
Security Baseline 6     1.6.0_17        1.6.0_17
5.0     1.5.0_22        1.5.0_22
1.4.2   1.4.2_19        1.4.2_24

Root Certificates

Root Certificates are included in this release.

    * Added one new root certificate for SECOM. (Refer to 6872579.)
    * Added one new root certificate for GlobalSign. (Refer to 6860447.)

Bug Fixes

This release contains fixes for one or more security vulnerabilities.
For more information, please see Sun Alerts 269868, 269869, 269870,
270474, 270475, and 270476.

Bug fixes for vulnerabilities are listed in the following table.
        BugId   Category        Subcategory     Description 6631533     java    
classes_2d      ICC_Profile allows detecting if some files exist
6815780         java    classes_2d      TrueType font parsing crash when 
stressing Sun Bug 6751322 test case
6822057         java    classes_2d      X11 and Win32GraphicsDevice don't clone 
arrays returned from getConfigurations()
6862969         java    classes_2d      JPEG JFIF Decoder issue
6862970         java    classes_2d      Image Color Profile parsing issue
6872357         java    classes_2d      JRE AWT setDifflCM vulnerable to Stack 
Overflow
6872358         java    classes_2d      JRE AWT setBytePixels vulnerable to 
Heap Overflow
6664512         java    classes_awt     Component and 
[Default]KeyboardFocusManager pass security sensitive objects to loggers
6636650         java    classes_lang    (cl) Resurrected ClassLoaders can still 
have children
6861062         java    classes_security        Disable MD2 in certificate 
chain validation
6863503         java    classes_security        SECURITY: MessageDigest.isEqual 
introduces timing attack vulnerabilities
6864911         java    classes_security        ASN.1/DER input stream parser 
needs more work
6854303         java    classes_sound   Sun Java HsbParser.getSoundBank Stack 
Buffer Overflow Vulnerability
6657026         java    classes_swing   Numerous static security flaws in Swing 
(findbugs)
6657138         java    classes_swing   Mutable statics in Windows PL&F 
(findbugs)
6824265         java    classes_util_i18n       (tz) TimeZone.getTimeZone 
allows probing local filesystem
6632445         java    imageio         DoS from parsing BMPs with UNC ICC links
6862968         java    imageio         JPEG Image Writer quantization problem
6874643         java    imageio         ImageI/O JPEG is vulnerable to Heap 
Overflow
6869694         java    install         java update malfunctioning
6869752         java_deployment         deployment_toolkit      Deployment 
Toolkit plugin "launch" method vulnerable to exploits
6872824         javawebstart    general         arbitary code execution using 
java web start
6870531         javawebstart    other   REGRESSION:have problem to run JNLP app 
and applets with signed Jar files

Other bug fixes are listed in the following table.
        BugId   Category        Subcategory     Description 6842999     hotspot 
        runtime_system  Update hotspot windows os_win32 for windows 2008 R2
6804454         java    classes_2d      RFE: Provide a way to control the 
printing dpi resolution from MSIE browser print. See also 6801859
6813208         java    classes_awt     pageDialog throws NPE from applet
6825342         java    classes_awt     Security warning may change Z-order of 
top-level
6843003         java    classes_lang    Windows Server 2008 R2 system 
recognition
6860447         java    classes_security        Add GlobalSign R3 Root 
certificate to the JDK
6872579         java    classes_security        Add SECOM Root CA 2 to JDK
6880110         java    classes_util_i18n       (tz) Support tzdata2009m
6814140         java    classes_util_logging    deadlock due to synchronized 
demandLogger() code that locks ServerLogManager
6879614         jaxp    parse   
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl failing to parse 
xml document


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 pkgsrc/lang/sun-jre6/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/sun-jre6/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/devel/pango
Next by Date: CVS commit: pkgsrc/lang/sun-jdk6
Previous by Thread: CVS commit: pkgsrc/devel/pango
Next by Thread: CVS commit: pkgsrc/lang/sun-jdk6
Indexes:

Home | Main Index | Thread Index | Old Index