Date: Mon, 21 Feb 2011 19:03:18 +0000 (UTC) From: Jung-uk Kim <jkim@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/java/openjdk6 Makefile distinfo ports/java/openjdk6/files patch-FloatingDecimal.java patch-security patch-set Message-ID: <201102211903.p1LJ3IlO088839@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
jkim 2011-02-21 19:03:18 UTC
FreeBSD ports repository
Modified files:
java/openjdk6 Makefile distinfo
java/openjdk6/files patch-set
Added files:
java/openjdk6/files patch-security
Removed files:
java/openjdk6/files patch-FloatingDecimal.java
Log:
Update IcedTea-Web to 1.0.1 and fix multiple security vulnerabilities.
CVE-2010-4469: Hotspot backward jsr heap corruption
CVE-2010-4465: Swing timer-based security manager bypass
CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation
CVE-2010-4448: DNS cache poisoning by untrusted applets
CVE-2010-4450: Launcher incorrect processing of empty library path entries
CVE-2010-4471: Java2D font-related system property leak
CVE-2010-4470: JAXP untrusted component state manipulation
CVE-2011-0706: Multiple signers privilege escalation
Obtained from: icedtea.classpath.org
Obtained from: jaxp.java.net
Revision Changes Path
1.42 +2 -2 ports/java/openjdk6/Makefile
1.18 +2 -2 ports/java/openjdk6/distinfo
1.2 +0 -11 ports/java/openjdk6/files/patch-FloatingDecimal.java (dead)
1.1 +1665 -0 ports/java/openjdk6/files/patch-security (new)
1.15 +7 -6 ports/java/openjdk6/files/patch-set
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201102211903.p1LJ3IlO088839>