OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-1_8_0-openjdk?expand=0&rev=123

java-1_8_0-openjdk.changes

@@ -1,3 +1,62 @@
+-------------------------------------------------------------------
+Thu Oct 22 12:19:38 UTC 2015 - fstrba@suse.com
+
+- Upgrade to upstream tag jdk8u65-b17
+  * Security fix release of October 21, 2015 (bsc#951376)
+- Security issues fixed:
+  * CVE-2015-4734: A remote user can exploit a flaw in the Embedded
+    JGSS component to partially access data
+  * CVE-2015-4803: A remote user can exploit a flaw in the JRockit
+    JAXP component to cause partial denial of service conditions
+  * CVE-2015-4805: A remote user can exploit a flaw in the Embedded
+    Serialization component to gain elevated privileges
+  * CVE-2015-4806: A remote user can exploit a flaw in the Java SE
+    Embedded Libraries component to partially access and partially
+    modify data
+  * CVE-2015-4835: A remote user can exploit a flaw in the Embedded
+    CORBA component to gain elevated privileges
+  * CVE-2015-4842: A remote user can exploit a flaw in the Embedded
+    JAXP component to partially access data
+  * CVE-2015-4843: A remote user can exploit a flaw in the Java SE
+    Embedded Libraries component to gain elevated privileges
+  * CVE-2015-4844: A remote user can exploit a flaw in the Embedded
+    2D component to gain elevated privileges
+  * CVE-2015-4860: A remote user can exploit a flaw in the Embedded
+    RMI component to gain elevated privileges
+  * CVE-2015-4872: A remote user can exploit a flaw in the JRockit
+    Security component to partially modify data [].
+  * CVE-2015-4881: A remote user can exploit a flaw in the Embedded
+    CORBA component to gain elevated privileges
+  * CVE-2015-4882: A remote user can exploit a flaw in the Embedded
+    CORBA component to cause partial denial of service conditions
+  * CVE-2015-4883: A remote user can exploit a flaw in the Embedded
+    RMI component to gain elevated privileges
+  * CVE-2015-4893: A remote user can exploit a flaw in the JRockit
+    JAXP component to cause partial denial of service conditions
+  * CVE-2015-4902: A remote user can exploit a flaw in the Java SE
+    Deployment component to partially modify data
+  * CVE-2015-4903: A remote user can exploit a flaw in the Embedded
+    RMI component to partially access data
+  * CVE-2015-4911: A remote user can exploit a flaw in the JRockit
+    JAXP component to cause partial denial of service conditions
+  * CVE-2015-4810: A local user can exploit a flaw in the Java SE
+    Deployment component to gain elevated privileges
+  * CVE-2015-4840: A remote user can exploit a flaw in the Embedded
+    2D component to partially access data
+  * CVE-2015-4868: A remote user can exploit a flaw in the Java SE
+    Embedded Libraries component to gain elevated privileges
+  * CVE-2015-4901: A remote user can exploit a flaw in the JavaFX
+    component to gain elevated privileges
+  * CVE-2015-4906: A remote user can exploit a flaw in the JavaFX
+    component to partially access data
+  * CVE-2015-4908: A remote user can exploit a flaw in the JavaFX
+    component to partially access data
+  * CVE-2015-4916: A remote user can exploit a flaw in the JavaFX
+    component to partially access data  
+- Modified patch:
+  * s390-size_t.patch
+    - Account for an additional uintptr_t <-> size_t mismatch
+
 -------------------------------------------------------------------
 Wed Aug 19 08:12:09 UTC 2015 - fstrba@suse.com
 
@@ -12,7 +71,7 @@ Wed Aug 19 08:12:09 UTC 2015 - fstrba@suse.com
     - Fixed differently upstream
   * applet-hole.patch
     - Not needed any more with recent versions of icedtea-web
-Modified patches
+- Modified patches
   * aarch64-misc.patch
     - Rediff to correspond to the new context
     - Added bits from aarch64-port/jdk8/jdk