Bug 747208 - VUL-0: java-1_6_0-openjdk: icedtea6 1.10.6 and 1.11.1 security release
VUL-0: java-1_6_0-openjdk: icedtea6 1.10.6 and 1.11.1 security release
Status: RESOLVED FIXED
: 706068 (view as bug list)
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P2 - High : Major
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:11.4:45618 maint:relea...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-02-15 18:50 UTC by Marcus Meissner
Modified: 2012-02-29 14:34 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2012-02-15 18:50:39 UTC
http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.1/NEWS

New in release 1.11.1 (2012-02-14):

* Security fixes
- S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
- S7088367, CVE-2011-3563: Fix issues in java sound
- S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
- S7110687, CVE-2012-0503: Issues with TimeZone class
- S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
- S7110704, CVE-2012-0506: Issues with some method in corba
- S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
- S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
- S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server
* Bug fixes
- PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch 


New in release 1.10.6 (2012-02-14):
* Security fixes
 - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
 - S7088367, CVE-2011-3563: Fix issues in java sound
 - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
 - S7110687, CVE-2012-0503: Issues with TimeZone class
 - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
 - S7110704, CVE-2012-0506: Issues with some method in corba
 - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
 - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
 - S7126960, CVE-2011-5035: Add property to limit number of request headers to the HTTP Server
* Bug fixes
 - RH580478: Desktop files should not use hardcoded path
Comment 1 Swamp Workflow Management 2012-02-15 18:52:20 UTC
The SWAMPID for this issue is 45542.
This issue was rated as important.
Please submit fixed packages until 2012-02-22.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 Swamp Workflow Management 2012-02-15 23:00:21 UTC
bugbot adjusting priority
Comment 3 Michal Vyskocil 2012-02-16 11:03:58 UTC
I would follow the 1.11.1 everywhere as usual
Comment 6 Bernhard Wiedemann 2012-02-20 10:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/105974 11.4 / java-1_6_0-openjdk
Comment 7 Michal Vyskocil 2012-02-20 10:21:13 UTC
submitted fixed packages:

12.1: 105985
11.4: 105974
11.2: 105983
11.1: 105984

@wolfgang: not sure, if evergreen for 11.3 is planned or not, but sources are available at home:mvyskocil:branches:OBS_Maintained:java-1_6_0-openjdk java-1_6_0-openjdk.openSUSE_11.3 as well
Comment 8 Bernhard Wiedemann 2012-02-20 11:00:14 UTC
This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/105983 Evergreen:11.2 / java-1_6_0-openjdk
https://build.opensuse.org/request/show/105984 Evergreen:11.1 / java-1_6_0-openjdk
https://build.opensuse.org/request/show/105985 12.1 / java-1_6_0-openjdk
Comment 10 Bernhard Wiedemann 2012-02-21 13:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/106302 11.4 / java-1_6_0-openjdk
Comment 11 Michal Vyskocil 2012-02-21 13:06:02 UTC
*** Bug 706068 has been marked as a duplicate of this bug. ***
Comment 12 Bernhard Wiedemann 2012-02-22 18:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/106535 Evergreen:11.2 / java-1_6_0-openjdk
Comment 13 Bernhard Wiedemann 2012-02-22 19:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/106539 Evergreen:11.1 / java-1_6_0-openjdk
Comment 14 Swamp Workflow Management 2012-02-27 14:06:17 UTC
Update released for: java-1_6_0-openjdk, java-1_6_0-openjdk-debuginfo, java-1_6_0-openjdk-debugsource, java-1_6_0-openjdk-demo, java-1_6_0-openjdk-demo-debuginfo, java-1_6_0-openjdk-devel, java-1_6_0-openjdk-devel-debuginfo, java-1_6_0-openjdk-javadoc, java-1_6_0-openjdk-plugin, java-1_6_0-openjdk-plugin-debuginfo, java-1_6_0-openjdk-src
Products:
openSUSE 11.4 (debug, i586, x86_64)
Comment 15 Marcus Meissner 2012-02-27 14:08:55 UTC
released, thanks!
Comment 16 Swamp Workflow Management 2012-02-27 16:36:36 UTC
Update released for: java-1_6_0-openjdk, java-1_6_0-openjdk-debuginfo, java-1_6_0-openjdk-debugsource, java-1_6_0-openjdk-demo, java-1_6_0-openjdk-devel, java-1_6_0-openjdk-javadoc, java-1_6_0-openjdk-src
Products:
SLE-DEBUGINFO 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64)