Bug 747208

Summary: VUL-0: java-1_6_0-openjdk: icedtea6 1.10.6 and 1.11.1 security release
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P2 - High
CC: meissner, melchiaros, wolfgang
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: maint:released:11.4:45618 maint:released:sle11-sp1:45622
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2012-02-15 18:50:39 UTC
http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.1/NEWS

New in release 1.11.1 (2012-02-14):

* Security fixes
- S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
- S7088367, CVE-2011-3563: Fix issues in java sound
- S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
- S7110687, CVE-2012-0503: Issues with TimeZone class
- S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
- S7110704, CVE-2012-0506: Issues with some method in corba
- S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
- S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
- S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server
* Bug fixes
- PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch 


New in release 1.10.6 (2012-02-14):
* Security fixes
 - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
 - S7088367, CVE-2011-3563: Fix issues in java sound
 - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
 - S7110687, CVE-2012-0503: Issues with TimeZone class
 - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
 - S7110704, CVE-2012-0506: Issues with some method in corba
 - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
 - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
 - S7126960, CVE-2011-5035: Add property to limit number of request headers to the HTTP Server
* Bug fixes
 - RH580478: Desktop files should not use hardcoded path
Comment 1 Swamp Workflow Management 2012-02-15 18:52:20 UTC
The SWAMPID for this issue is 45542.
This issue was rated as important.
Please submit fixed packages until 2012-02-22.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 Swamp Workflow Management 2012-02-15 23:00:21 UTC
bugbot adjusting priority
Comment 3 Michal Vyskocil 2012-02-16 11:03:58 UTC
I would follow the 1.11.1 everywhere as usual
Comment 6 Bernhard Wiedemann 2012-02-20 10:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/105974 11.4 / java-1_6_0-openjdk
Comment 7 Michal Vyskocil 2012-02-20 10:21:13 UTC
submitted fixed packages:

12.1: 105985
11.4: 105974
11.2: 105983
11.1: 105984

@wolfgang: not sure if Evergreen for 11.3 is planned or not, but sources are available at home:mvyskocil:branches:OBS_Maintained:java-1_6_0-openjdk java-1_6_0-openjdk.openSUSE_11.3 as well
Comment 8 Bernhard Wiedemann 2012-02-20 11:00:14 UTC
This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/105983 Evergreen:11.2 / java-1_6_0-openjdk
https://build.opensuse.org/request/show/105984 Evergreen:11.1 / java-1_6_0-openjdk
https://build.opensuse.org/request/show/105985 12.1 / java-1_6_0-openjdk
Comment 10 Bernhard Wiedemann 2012-02-21 13:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/106302 11.4 / java-1_6_0-openjdk
Comment 11 Michal Vyskocil 2012-02-21 13:06:02 UTC
*** Bug 706068 has been marked as a duplicate of this bug. ***
Comment 12 Bernhard Wiedemann 2012-02-22 18:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/106535 Evergreen:11.2 / java-1_6_0-openjdk
Comment 13 Bernhard Wiedemann 2012-02-22 19:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/106539 Evergreen:11.1 / java-1_6_0-openjdk
Comment 14 Swamp Workflow Management 2012-02-27 14:06:17 UTC
Update released for: java-1_6_0-openjdk, java-1_6_0-openjdk-debuginfo, java-1_6_0-openjdk-debugsource, java-1_6_0-openjdk-demo, java-1_6_0-openjdk-demo-debuginfo, java-1_6_0-openjdk-devel, java-1_6_0-openjdk-devel-debuginfo, java-1_6_0-openjdk-javadoc, java-1_6_0-openjdk-plugin, java-1_6_0-openjdk-plugin-debuginfo, java-1_6_0-openjdk-src
Products:
openSUSE 11.4 (debug, i586, x86_64)
Comment 15 Marcus Meissner 2012-02-27 14:08:55 UTC
released, thanks!
Comment 16 Swamp Workflow Management 2012-02-27 16:36:36 UTC
Update released for: java-1_6_0-openjdk, java-1_6_0-openjdk-debuginfo, java-1_6_0-openjdk-debugsource, java-1_6_0-openjdk-demo, java-1_6_0-openjdk-devel, java-1_6_0-openjdk-javadoc, java-1_6_0-openjdk-src
Products:
SLE-DEBUGINFO 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64)