OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-1_8_0-openjdk?expand=0&rev=128

java-1_8_0-openjdk.changes

@@ -1,3 +1,55 @@
+-------------------------------------------------------------------
+Mon Jan 25 07:54:33 UTC 2016 - fstrba@suse.com
+
+- Upgrade to upstream tag jdk8u72-b15
+  * Oracle Critical Patch Update of January 2016 (bsc#962743)
+  * Using aarch64 hotspot tag aarch64-jdk8u72-b15
+- Security issues fixed:
+  * CVE-2015-7575: Mozilla Network Security Services (NSS) before
+    3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox
+    ESR 38.x before 38.5.2, does not reject MD5 signatures in Server
+    Key Exchange messages in TLS 1.2 Handshake Protocol traffic,
+    which makes it easier for man-in-the-middle attackers to spoof
+    servers by triggering a collision. 
+  * CVE-2015-8126: Multiple buffer overflows in the (1) png_set_PLTE
+    and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x
+    and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x
+    before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to
+    cause a denial of service (application crash) or possibly have
+    unspecified other impact via a small bit-depth value in an IHDR
+    (aka image header) chunk in a PNG image.
+  * CVE-2016-0402: Unspecified vulnerability in the Java SE and
+    Java SE Embedded components in Oracle Java SE 6u105, 7u91, and
+    8u66 and Java SE Embedded 8u65 allows remote attackers to affect
+    integrity via unknown vectors related to Networking. 
+  * CVE-2016-0448: Unspecified vulnerability in the Java SE and
+    Java SE Embedded components in Oracle Java SE 6u105, 7u91, and
+    8u66, and Java SE Embedded 8u65 allows remote authenticated
+    users to affect confidentiality via vectors related to JMX.
+  * CVE-2016-0466: Unspecified vulnerability in the Java SE, Java SE
+    Embedded, and JRockit components in Oracle Java SE 6u105, 7u91,
+    and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows
+    remote attackers to affect availability via vectors related to
+    JAXP. 
+  * CVE-2016-0475: Unspecified vulnerability in the Java SE, Java SE
+    Embedded, and JRockit components in Oracle Java SE 8u66; Java SE
+    Embedded 8u65; and JRockit R28.3.8 allows remote attackers to
+    affect confidentiality and integrity via unknown vectors related
+    to Libraries. 
+  * CVE-2016-0483: Unspecified vulnerability in the Java SE, Java SE
+    Embedded, and JRockit components in Oracle Java SE 6u105, 7u91,
+    and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows
+    remote attackers to affect confidentiality, integrity, and
+    availability via vectors related to AWT. 
+  * CVE-2016-0494: Unspecified vulnerability in the Java SE and Java
+    SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66
+    and Java SE Embedded 8u65 allows remote attackers to affect
+    confidentiality, integrity, and availability via unknown vectors
+    related to 2D. 
+- Modified patch:
+  * s390-java-opts.patch
+    + rediff to the changed context
+
 -------------------------------------------------------------------
 Thu Oct 22 12:19:38 UTC 2015 - fstrba@suse.com