-
Committer:
Bazaar Package Importer
-
Author(s):
Steve Beattie
-
Date:
2011-02-23 09:41:17 UTC
-
mfrom:
(0.33.1 upstream)
-
Revision ID:
james.westby@ubuntu.com-20110223094117-a1onlognjzmk28qv
Tags: 6b20-1.9.7-0ubuntu1~9.10.1
* IcedTea6 1.9.7 release.
- SECURITY UPDATE:
+ S4421494, CVE-2010-4476: infinite loop while parsing double literal.
+ S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
+ S6907662, CVE-2010-4465: Swing timer-based security manager bypass
+ S6994263, CVE-2010-4472: Untrusted code allowed to replace
DSIG/C14N implementation
+ S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
+ S6983554, CVE-2010-4450: Launcher incorrect processing of
empty library path entries
+ S6985453, CVE-2010-4471: Java2D font-related system property leak
+ S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
+ RH677332, CVE-2011-0706: Multiple signers privilege escalation
- Bug fixes
+ RH676659: Pass -export-dynamic flag to linker using -Wl,
as option in gcc 4.6+ is broken
+ G344659: Fix issue when building on SPARC
+ Fix latent JAXP bug caused by missing import
* dropped patch due to different fix applied upstream:
- debian/patches/hotspot-sparc-fix.diff
* debian/patches/hotspot-fix_added_define.patch: added to fix
redefinition added by patch for S6878713
* Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap
zerovm instead to compensate for
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631