From 550c356eec51c1ed2f7e6ade500bc9f664111f34b2872d9d8933680ce796d2ad Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Thu, 22 Oct 2015 12:29:31 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-1_8_0-openjdk?expand=0&rev=123 --- java-1_8_0-openjdk.changes | 61 +++++++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/java-1_8_0-openjdk.changes b/java-1_8_0-openjdk.changes index 6bb6f28..9190ac2 100644 --- a/java-1_8_0-openjdk.changes +++ b/java-1_8_0-openjdk.changes @@ -1,3 +1,62 @@ +------------------------------------------------------------------- +Thu Oct 22 12:19:38 UTC 2015 - fstrba@suse.com + +- Upgrade to upstream tag jdk8u65-b17 + * Security fix release of October 21, 2015 (bsc#951376) +- Security issues fixed: + * CVE-2015-4734: A remote user can exploit a flaw in the Embedded + JGSS component to partially access data + * CVE-2015-4803: A remote user can exploit a flaw in the JRockit + JAXP component to cause partial denial of service conditions + * CVE-2015-4805: A remote user can exploit a flaw in the Embedded + Serialization component to gain elevated privileges + * CVE-2015-4806: A remote user can exploit a flaw in the Java SE + Embedded Libraries component to partially access and partially + modify data + * CVE-2015-4835: A remote user can exploit a flaw in the Embedded + CORBA component to gain elevated privileges + * CVE-2015-4842: A remote user can exploit a flaw in the Embedded + JAXP component to partially access data + * CVE-2015-4843: A remote user can exploit a flaw in the Java SE + Embedded Libraries component to gain elevated privileges + * CVE-2015-4844: A remote user can exploit a flaw in the Embedded + 2D component to gain elevated privileges + * CVE-2015-4860: A remote user can exploit a flaw in the Embedded + RMI component to gain elevated privileges + * CVE-2015-4872: A remote user can exploit a flaw in the JRockit + Security component to partially modify data []. + * CVE-2015-4881: A remote user can exploit a flaw in the Embedded + CORBA component to gain elevated privileges + * CVE-2015-4882: A remote user can exploit a flaw in the Embedded + CORBA component to cause partial denial of service conditions + * CVE-2015-4883: A remote user can exploit a flaw in the Embedded + RMI component to gain elevated privileges + * CVE-2015-4893: A remote user can exploit a flaw in the JRockit + JAXP component to cause partial denial of service conditions + * CVE-2015-4902: A remote user can exploit a flaw in the Java SE + Deployment component to partially modify data + * CVE-2015-4903: A remote user can exploit a flaw in the Embedded + RMI component to partially access data + * CVE-2015-4911: A remote user can exploit a flaw in the JRockit + JAXP component to cause partial denial of service conditions + * CVE-2015-4810: A local user can exploit a flaw in the Java SE + Deployment component to gain elevated privileges + * CVE-2015-4840: A remote user can exploit a flaw in the Embedded + 2D component to partially access data + * CVE-2015-4868: A remote user can exploit a flaw in the Java SE + Embedded Libraries component to gain elevated privileges + * CVE-2015-4901: A remote user can exploit a flaw in the JavaFX + component to gain elevated privileges + * CVE-2015-4906: A remote user can exploit a flaw in the JavaFX + component to partially access data + * CVE-2015-4908: A remote user can exploit a flaw in the JavaFX + component to partially access data + * CVE-2015-4916: A remote user can exploit a flaw in the JavaFX + component to partially access data +- Modified patch: + * s390-size_t.patch + - Account for an additional uintptr_t <-> size_t mismatch + ------------------------------------------------------------------- Wed Aug 19 08:12:09 UTC 2015 - fstrba@suse.com @@ -12,7 +71,7 @@ Wed Aug 19 08:12:09 UTC 2015 - fstrba@suse.com - Fixed differently upstream * applet-hole.patch - Not needed any more with recent versions of icedtea-web -Modified patches +- Modified patches * aarch64-misc.patch - Rediff to correspond to the new context - Added bits from aarch64-port/jdk8/jdk