--------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-2982 2009-03-24 05:10:27 --------------------------------------------------------------------------------Name : java-1.6.0-openjdk Product : Fedora 10 Version : 1.6.0.0 Release : 11.b14.fc10 URL : https://icedtea.classpath.org/ Summary : OpenJDK Runtime Environment Description : The OpenJDK runtime environment. --------------------------------------------------------------------------------Update Information: Fixes important lcms security bug which gives unwarranted access to malicious users. --------------------------------------------------------------------------------ChangeLog: * Fri Mar 20 2009 Lillian Angel - 1:1.6.0-11.b14 - Added java-1.6.0-openjdk-lcms.patch. * Wed Feb 11 2009 Dennis Gilmore - 1:1.6.0-10.b14 - fix sparc arch building asm-sparc has gone. we only have asm/ now - add sparc arches back to the jit arch list * Mon Jan 26 2009 Lillian Angel - 1:1.6.0-10.b14 - Updated sources. * Fri Jan 23 2009 Lillian Angel - 1:1.6.0-10.b14 - Added accessibility patch. * Thu Jan 22 2009 Lillian Angel - 1:1.6.0-10.b14 - Updated to icedtea-1.4 snapshot. - Updated release. - Removed netbeans and visualvm. - Added hotspot source. - Added --with-hotspot-src-zip build option. - Set runtests to 1. - Updated jtreg log. - Updated openjdkver. - Updated openjdkdate. - Added new patch to add GNOME to java.security. - Resolves: rhbz#472953 - Resolves: rhbz#475081 - Resolves: rhbz#452573 - Resolves: rhbz#474431 - Resolves: rhbz#474503 - Resolves: rhbz#472862 - Resolves: rhbz#477351 - Resolves: rhbz#475109 - Resolves: rhbz#476462 * Sun Jan 11 2009 Lillian Angel - 1:1.6.0-8.b12 - Removed README.plugin, updated source list. - Updated release. * Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12 - Set runtests to 0. * Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12 - Updated pkgversion to include release and arch. - Set runtests to 1. - Added new security patch. - Resolves: rhbz#468484 - Resolves: rhbz#472862 - Resolves: rhbz#472234 - Resolves: rhbz#472233 - Resolves: rhbz#472231 - Resolves: rhbz#472228 - Resolves: rhbz#472224 - Resolves: rhbz#472218 - Resolves: rhbz#472213 - Resolves: rhbz#472212 - Resolves: rhbz#472211 - Resolves: rhbz#472209 - Resolves: rhbz#472208 - Resolves: rhbz#472206 - Resolves: rhbz#472201 * Mon Nov 24 2008 Lillian Angel - 1:1.6.0-6.b12 - Removed java-1.6.0-openjdk-plugin-1217.patch. - Added java-1.6.0-openjdk-plugin-1219.patch. - Updated Release. * Fri Nov 21 2008 Lillian Angel - 1:1.6.0-5.b12 - Added plugin patch to resolve issues on 64-bit. - Resolves: rhbz#471987 - Resolves: rhbz#465531 - Resolves: rhbz#470551 * Thu Nov 20 2008 Lillian Angel - 1:1.6.0-5.b12 - Redirect error from removing gcjwebplugin link. - Resolves: rhbz#471568 * Thu Nov 13 2008 Lillian Angel - 1:1.6.0-4.b12 - Added java-fonts to Provides for base package. - Resolves: rhbz#469893 * Wed Nov 12 2008 Lillian Angel - 1:1.6.0-4.b12 - Fixed pulse audio build requirements. - Updated release. - Resolves: rhbz#471229 * Fri Nov 7 2008 Lillian Angel - 1:1.6.0-3.b12 - Updated icedteasnapshot. - Resolves: rhbz#453290 - Resolves: rhbz#469361 * Wed Nov 5 2008 Lillian Angel - 1:1.6.0-3.b12 - Re-enabled pulse java. Fix committed upstream to prevent TCK failures. - Updated release. - Updated icedteasnapshot. - Updated icedteaver. - Updated visualvm source. * Thu Oct 30 2008 Lillian Angel - 1:1.6.0-2.b12 - Fixed post plugin scriptlet to work for install, as well as upgrade. * Wed Oct 29 2008 Lillian Angel - 1:1.6.0-2.b12 - Fixed release string. --------------------------------------------------------------------------------References: [ 1 ] Bug #487508 - CVE-2009-0723 LittleCms integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=487508 [ 2 ] Bug #487509 - CVE-2009-0581 LittleCms memory leak https://bugzilla.redhat.com/show_bug.cgi?id=487509 [ 3 ] Bug #487512 - CVE-2009-0733 LittleCms lack of upper-bounds check on sizes https://bugzilla.redhat.com/show_bug.cgi?id=487512 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update java-1.6.0-openjdk' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-11.b14.fc10

March 24, 2009

Fixes important lcms security bug which gives unwarranted access to malicious users.

Summary

The OpenJDK runtime environment.

Fixes important lcms security bug which gives unwarranted access to malicious

users.

* Fri Mar 20 2009 Lillian Angel - 1:1.6.0-11.b14

- Added java-1.6.0-openjdk-lcms.patch.

* Wed Feb 11 2009 Dennis Gilmore - 1:1.6.0-10.b14

- fix sparc arch building asm-sparc has gone. we only have asm/ now

- add sparc arches back to the jit arch list

* Mon Jan 26 2009 Lillian Angel - 1:1.6.0-10.b14

- Updated sources.

* Fri Jan 23 2009 Lillian Angel - 1:1.6.0-10.b14

- Added accessibility patch.

* Thu Jan 22 2009 Lillian Angel - 1:1.6.0-10.b14

- Updated to icedtea-1.4 snapshot.

- Updated release.

- Removed netbeans and visualvm.

- Added hotspot source.

- Added --with-hotspot-src-zip build option.

- Set runtests to 1.

- Updated jtreg log.

- Updated openjdkver.

- Updated openjdkdate.

- Added new patch to add GNOME to java.security.

- Resolves: rhbz#472953

- Resolves: rhbz#475081

- Resolves: rhbz#452573

- Resolves: rhbz#474431

- Resolves: rhbz#474503

- Resolves: rhbz#472862

- Resolves: rhbz#477351

- Resolves: rhbz#475109

- Resolves: rhbz#476462

* Sun Jan 11 2009 Lillian Angel - 1:1.6.0-8.b12

- Removed README.plugin, updated source list.

- Updated release.

* Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12

- Set runtests to 0.

* Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12

- Updated pkgversion to include release and arch.

- Set runtests to 1.

- Added new security patch.

- Resolves: rhbz#468484

- Resolves: rhbz#472862

- Resolves: rhbz#472234

- Resolves: rhbz#472233

- Resolves: rhbz#472231

- Resolves: rhbz#472228

- Resolves: rhbz#472224

- Resolves: rhbz#472218

- Resolves: rhbz#472213

- Resolves: rhbz#472212

- Resolves: rhbz#472211

- Resolves: rhbz#472209

- Resolves: rhbz#472208

- Resolves: rhbz#472206

- Resolves: rhbz#472201

* Mon Nov 24 2008 Lillian Angel - 1:1.6.0-6.b12

- Removed java-1.6.0-openjdk-plugin-1217.patch.

- Added java-1.6.0-openjdk-plugin-1219.patch.

- Updated Release.

* Fri Nov 21 2008 Lillian Angel - 1:1.6.0-5.b12

- Added plugin patch to resolve issues on 64-bit.

- Resolves: rhbz#471987

- Resolves: rhbz#465531

- Resolves: rhbz#470551

* Thu Nov 20 2008 Lillian Angel - 1:1.6.0-5.b12

- Redirect error from removing gcjwebplugin link.

- Resolves: rhbz#471568

* Thu Nov 13 2008 Lillian Angel - 1:1.6.0-4.b12

- Added java-fonts to Provides for base package.

- Resolves: rhbz#469893

* Wed Nov 12 2008 Lillian Angel - 1:1.6.0-4.b12

- Fixed pulse audio build requirements.

- Updated release.

- Resolves: rhbz#471229

* Fri Nov 7 2008 Lillian Angel - 1:1.6.0-3.b12

- Updated icedteasnapshot.

- Resolves: rhbz#453290

- Resolves: rhbz#469361

* Wed Nov 5 2008 Lillian Angel - 1:1.6.0-3.b12

- Re-enabled pulse java. Fix committed upstream to prevent TCK failures.

- Updated release.

- Updated icedteasnapshot.

- Updated icedteaver.

- Updated visualvm source.

* Thu Oct 30 2008 Lillian Angel - 1:1.6.0-2.b12

- Fixed post plugin scriptlet to work for install, as well as upgrade.

* Wed Oct 29 2008 Lillian Angel - 1:1.6.0-2.b12

- Fixed release string.

[ 1 ] Bug #487508 - CVE-2009-0723 LittleCms integer overflow

https://bugzilla.redhat.com/show_bug.cgi?id=487508

[ 2 ] Bug #487509 - CVE-2009-0581 LittleCms memory leak

https://bugzilla.redhat.com/show_bug.cgi?id=487509

[ 3 ] Bug #487512 - CVE-2009-0733 LittleCms lack of upper-bounds check on sizes

https://bugzilla.redhat.com/show_bug.cgi?id=487512

su -c 'yum update java-1.6.0-openjdk' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-package-announce

FEDORA-2009-2982 2009-03-24 05:10:27 Product : Fedora 10 Version : 1.6.0.0 Release : 11.b14.fc10 URL : https://icedtea.classpath.org/ Summary : OpenJDK Runtime Environment Description : The OpenJDK runtime environment. Fixes important lcms security bug which gives unwarranted access to malicious users. * Fri Mar 20 2009 Lillian Angel - 1:1.6.0-11.b14 - Added java-1.6.0-openjdk-lcms.patch. * Wed Feb 11 2009 Dennis Gilmore - 1:1.6.0-10.b14 - fix sparc arch building asm-sparc has gone. we only have asm/ now - add sparc arches back to the jit arch list * Mon Jan 26 2009 Lillian Angel - 1:1.6.0-10.b14 - Updated sources. * Fri Jan 23 2009 Lillian Angel - 1:1.6.0-10.b14 - Added accessibility patch. * Thu Jan 22 2009 Lillian Angel - 1:1.6.0-10.b14 - Updated to icedtea-1.4 snapshot. - Updated release. - Removed netbeans and visualvm. - Added hotspot source. - Added --with-hotspot-src-zip build option. - Set runtests to 1. - Updated jtreg log. - Updated openjdkver. - Updated openjdkdate. - Added new patch to add GNOME to java.security. - Resolves: rhbz#472953 - Resolves: rhbz#475081 - Resolves: rhbz#452573 - Resolves: rhbz#474431 - Resolves: rhbz#474503 - Resolves: rhbz#472862 - Resolves: rhbz#477351 - Resolves: rhbz#475109 - Resolves: rhbz#476462 * Sun Jan 11 2009 Lillian Angel - 1:1.6.0-8.b12 - Removed README.plugin, updated source list. - Updated release. * Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12 - Set runtests to 0. * Tue Dec 2 2008 Lillian Angel - 1:1.6.0-7.b12 - Updated pkgversion to include release and arch. - Set runtests to 1. - Added new security patch. - Resolves: rhbz#468484 - Resolves: rhbz#472862 - Resolves: rhbz#472234 - Resolves: rhbz#472233 - Resolves: rhbz#472231 - Resolves: rhbz#472228 - Resolves: rhbz#472224 - Resolves: rhbz#472218 - Resolves: rhbz#472213 - Resolves: rhbz#472212 - Resolves: rhbz#472211 - Resolves: rhbz#472209 - Resolves: rhbz#472208 - Resolves: rhbz#472206 - Resolves: rhbz#472201 * Mon Nov 24 2008 Lillian Angel - 1:1.6.0-6.b12 - Removed java-1.6.0-openjdk-plugin-1217.patch. - Added java-1.6.0-openjdk-plugin-1219.patch. - Updated Release. * Fri Nov 21 2008 Lillian Angel - 1:1.6.0-5.b12 - Added plugin patch to resolve issues on 64-bit. - Resolves: rhbz#471987 - Resolves: rhbz#465531 - Resolves: rhbz#470551 * Thu Nov 20 2008 Lillian Angel - 1:1.6.0-5.b12 - Redirect error from removing gcjwebplugin link. - Resolves: rhbz#471568 * Thu Nov 13 2008 Lillian Angel - 1:1.6.0-4.b12 - Added java-fonts to Provides for base package. - Resolves: rhbz#469893 * Wed Nov 12 2008 Lillian Angel - 1:1.6.0-4.b12 - Fixed pulse audio build requirements. - Updated release. - Resolves: rhbz#471229 * Fri Nov 7 2008 Lillian Angel - 1:1.6.0-3.b12 - Updated icedteasnapshot. - Resolves: rhbz#453290 - Resolves: rhbz#469361 * Wed Nov 5 2008 Lillian Angel - 1:1.6.0-3.b12 - Re-enabled pulse java. Fix committed upstream to prevent TCK failures. - Updated release. - Updated icedteasnapshot. - Updated icedteaver. - Updated visualvm source. * Thu Oct 30 2008 Lillian Angel - 1:1.6.0-2.b12 - Fixed post plugin scriptlet to work for install, as well as upgrade. * Wed Oct 29 2008 Lillian Angel - 1:1.6.0-2.b12 - Fixed release string. [ 1 ] Bug #487508 - CVE-2009-0723 LittleCms integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=487508 [ 2 ] Bug #487509 - CVE-2009-0581 LittleCms memory leak https://bugzilla.redhat.com/show_bug.cgi?id=487509 [ 3 ] Bug #487512 - CVE-2009-0733 LittleCms lack of upper-bounds check on sizes https://bugzilla.redhat.com/show_bug.cgi?id=487512 su -c 'yum update java-1.6.0-openjdk' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce