cvs commit: ports/java/openjdk6 Makefile distinfo
ports/java/openjdk6/files patch-FloatingDecimal.java patch-security
patch-set
Jung-uk Kim
jkim at FreeBSD.org
Mon Feb 21 19:03:18 UTC 2011
jkim 2011-02-21 19:03:18 UTC
FreeBSD ports repository
Modified files:
java/openjdk6 Makefile distinfo
java/openjdk6/files patch-set
Added files:
java/openjdk6/files patch-security
Removed files:
java/openjdk6/files patch-FloatingDecimal.java
Log:
Update IcedTea-Web to 1.0.1 and fix multiple security vulnerabilities.
CVE-2010-4469: Hotspot backward jsr heap corruption
CVE-2010-4465: Swing timer-based security manager bypass
CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation
CVE-2010-4448: DNS cache poisoning by untrusted applets
CVE-2010-4450: Launcher incorrect processing of empty library path entries
CVE-2010-4471: Java2D font-related system property leak
CVE-2010-4470: JAXP untrusted component state manipulation
CVE-2011-0706: Multiple signers privilege escalation
Obtained from: icedtea.classpath.org
Obtained from: jaxp.java.net
Revision Changes Path
1.42 +2 -2 ports/java/openjdk6/Makefile
1.18 +2 -2 ports/java/openjdk6/distinfo
1.2 +0 -11 ports/java/openjdk6/files/patch-FloatingDecimal.java (dead)
1.1 +1665 -0 ports/java/openjdk6/files/patch-security (new)
1.15 +7 -6 ports/java/openjdk6/files/patch-set
More information about the cvs-all
mailing list