Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.fc18
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Thursday 18th April 2013 02:47:29 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-5958
2013-04-18 01:37:17
--------------------------------------------------------------------------------

Name        : java-1.7.0-openjdk
Product     : Fedora 18
Version     : 1.7.0.19
Release     : 2.3.9.1.fc18
URL         : http://openjdk.java.net/
Summary     : OpenJDK Runtime Environment
Description :
The OpenJDK runtime environment.

--------------------------------------------------------------------------------
Update Information:

    - updated to updated IcedTea  2.3.9 with fix to one of security fixes
      -  fixed font glyph offset
    WARNING     - this build have not yet updated not-hotspot
(arm...)builds!
    - added client to ghosted classes.jsa
    - updated to IcedTea  2.3.9 with latest security patches
      - 920245 CVE-2013-0401 OpenJDK: unspecified sandbox bypass
(CanSecWest 2013, AWT)
      - 920247 CVE-2013-1488 OpenJDK: unspecified sanbox bypass (CanSecWest
2013, Libraries)
      - 952387 CVE-2013-1537 OpenJDK: remote code loading enabled by
default (RMI, 8001040)
      - 952389 CVE-2013-2415 OpenJDK: temporary files created with insecure
permissions (JAX-WS, 8003542)
      - 952398 CVE-2013-2423 OpenJDK: incorrect setter access checks in
MethodHandles (Hostspot, 8009677)
      - 952509 CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class
access checks (JMX, 8006435)
      - 952521 CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption
(ImageIO, 8007918)
      - 952524 CVE-2013-2430 OpenJDK: JPEGImageReader state corruption
(ImageIO, 8007667)
      - 952550 CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type
checks (Libraries, 8009049)
      - 952638 CVE-2013-2420 OpenJDK: image processing vulnerability (2D,
8007617)
      - 952640 CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing
restrictions (Beans, 7200507)
      - 952642 CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect
restrictions (Libraries, 8009857)
      - 952645 CVE-2013-2431 OpenJDK: Hotspot intrinsic frames
vulnerability (Hotspot, 8004336)
      - 952646 CVE-2013-1518 OpenJDK: JAXP missing security restrictions
(JAXP, 6657673)
      - 952648 CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing
security restrictions (RMI, 8001329)
      - 952649 CVE-2013-2421 OpenJDK: Hotspot MethodHandle lookup error
(Hotspot, 8009699)
      - 952653 CVE-2013-2426 OpenJDK: ConcurrentHashMap incorrectly calls
defaultReadObject() method (Libraries, 8009063)
      - 952656 CVE-2013-2419 OpenJDK: font processing errors (2D, 8001031)
      - 952657 CVE-2013-2417 OpenJDK: Network InetAddress serialization
information disclosure (Networking, 8000724)
      - 952708 CVE-2013-2383 OpenJDK: font layout and glyph table errors
(2D, 8004986)
      - 952709 CVE-2013-2384 OpenJDK: font layout and glyph table errors
(2D, 8004987)
      - 952711 CVE-2013-1569 OpenJDK: font layout and glyph table errors
(2D, 8004994)
    - buildver sync to b19
    - rewritten java-1.7.0-openjdk-java-access-bridge-security.patch
    - fixed priority (one zero deleted)
    - unapplied patch2
    - added patch107 abrt_friendly_hs_log_jdk7.patch
    - removed patch2 java-1.7.0-openjdk-java-access-bridge-idlj.patch
    - removed redundant rm of classes.jsa, ghost is handling it correctly
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 16 2013 Jiri Vanek <[email protected] - 1.7.0.19-2.3.9.1.fc18
- updated to updated IcedTea  2.3.9 with fix to one of security fixes
  -  fixed font glyph offset
- added client to ghosted classes.jsa
* Thu Apr 11 2013 Jiri Vanek <[email protected] - 1.7.0.9-2.3.9.0.fc18
- updated to IcedTea  2.3.9 with latest security patches
- buildver sync to b19
- rewritten java-1.7.0-openjdk-java-access-bridge-security.patch
* Wed Apr 10 2013 Jiri Vanek <[email protected]> - 1.7.0.9-2.3.8.4.fc18
- fixed priority (one zero deleted)
- unapplied patch2
* Thu Apr  4 2013 Jiri Vanek <[email protected]> - 1.7.0.9-2.3.8.4.fc18
- added patch107 abrt_friendly_hs_log_jdk7.patch
- removed patch2 java-1.7.0-openjdk-java-access-bridge-idlj.patch
- removed redundant rm of classes.jsa, ghost is handling it correctly
* Tue Mar 26 2013 Jiri Vanek <[email protected]> - 1.7.0.9-2.3.8.3.fc18
- added manual deletion of classes.jsa
- ghost classes.jsa restricted to jitarches and to full path
- zlib in BuildReq restricted for  1.2.3-7 or higher
 - see https://bugzilla.redhat.com/show_bug.cgi?id=904231
- Removed a -icedtea tag from the version
  - package have less and less connections to icedtea7
- Added link to nss as noreplace bug to previous changelog item
* Mon Mar 25 2013 Jiri Vanek <[email protected]> - 1.7.0.9-2.3.8.1.fc18
- Bumped release
- Added and applied patch500 java-1.7.0-openjdk-fixZeroAllocFailure.patch
  - to fix not-jit arches build
  - is already in upstreamed icedtea 2.1
- Added gcc-c++ build dependence. Sometimes caused troubles during rpm -bb
- Added (Build)Requires for fontconfig and xorg-x11-fonts-Type1
  - see https://bugzilla.redhat.com/show_bug.cgi?id=721033
for details
- Removed all fonconfig files. Fonts are now handled differently in JDK 
  and those files are redundant. This is going to be usptreamed.
  - see https://bugzilla.redhat.com/show_bug.cgi?id=902227
for details
- logging.properties marked as config(noreplace)
  - see https://bugzilla.redhat.com/show_bug.cgi?id=679180
for details
- classes.jsa marked as ghost 
  - see https://bugzilla.redhat.com/show_bug.cgi?id=918172
for details
- nss.cfg was marked as config(noreplace)
* Mon Mar  4 2013 Omair Majid  - 1.7.0.9-2.3.8.fc18
- Updated to icedtea7 2.3.8 (forest)
- Removed upstreamed patches contained in extra tarball.
* Sat Feb 16 2013 Jiri Vanek <[email protected]> - 1.7.0.9-2.3.7.fc18
- Updated to 2.3.7 icedtea7 tarball
- Updated the 2.1.6 icedtea7 tarball for arm
- Removed testing
 - mauve was outdated and
 - jtreg was icedtea relict
- Added java -Xshare:dump to post (see 513605) fo jitarchs
* Thu Feb 14 2013 Deepak Bhole  - 1.7.0.9-2.3.6.fc17
- Updated to 2.3.6
- Updated the 2.1.5 tarball
- Removed upstreamed patches
* Mon Feb 11 2013 Deepak Bhole  - 1.7.0.9-2.3.5.4.fc18
- Updated secondary arch tarball to 2.1.5
- Made Patch100* jit-arch specific-only (not needed for 2.1.5)
* Thu Feb  7 2013 Omair Majid  - 1.7.0.9-2.3.5.3.fc18
- Sync logging fixes with upstream (icedtea7-forest and jdk7u)
* Thu Feb  7 2013 Deepak Bhole  - 1.7.0.9-2.3.5.1.fc18
- Added patch for 8005615 to fix regression caused by fix for 6664509
* Wed Feb  6 2013 Deepak Bhole  - 1.7.0.9-2.3.5.fc18.1
- Backed out 6664509 and 7201064.patch which cause regressions
* Sun Feb  3 2013 Deepak Bhole  - 1.7.0.9-2.3.5.fc18
- Updated to 2.3.5
- Removed unnecessary GENSRCDIR flag
* Sun Feb  3 2013 Deepak Bhole  - 1.7.0.9-2.3.4.2.fc18
- Bumped to 2.3.5pre (2.3.4 + Feb. 2013 CPU)
* Wed Jan 16 2013 Jiri Vanek <[email protected]> - 1.7.0.9-2.3.4.1.fc18
- Added idlj slave to javac
- Added jcmd slave to javac
- Release incremented
* Mon Jan 14 2013 Deepak Bhole  - 1.7.0.9-2.3.4.fc18
- Updated to 2.3.4
* Thu Dec  6 2012 jiri Vanek <[email protected]> - 1.7.0.6-2.3.2.fc18.2
- introduced tmp-patches source tarball 
- added kerberos fix (see rhbz#871771)
- added OpenOffice crusher fix (see oracle's 8004344)
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update java-1.7.0-openjdk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms