Bug 747208 – VUL-0: java-1_6_0-openjdk: icedtea6 1.10.6 and 1.11.1 security release

Bug 747208 - VUL-0: java-1_6_0-openjdk: icedtea6 1.10.6 and 1.11.1 security release


Summary:	VUL-0: java-1_6_0-openjdk: icedtea6 1.10.6 and 1.11.1 security release

Status:	RESOLVED FIXED
Duplicates:	706068 (view as bug list)

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:11.4:45618 maint:relea...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2012-02-15 18:50 UTC by Marcus Meissner
Modified:	2012-02-29 14:34 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2012-02-15 18:50:39 UTC

http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.1/NEWS

New in release 1.11.1 (2012-02-14):

* Security fixes
- S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
- S7088367, CVE-2011-3563: Fix issues in java sound
- S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
- S7110687, CVE-2012-0503: Issues with TimeZone class
- S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
- S7110704, CVE-2012-0506: Issues with some method in corba
- S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
- S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
- S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server
* Bug fixes
- PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch 


New in release 1.10.6 (2012-02-14):
* Security fixes
 - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
 - S7088367, CVE-2011-3563: Fix issues in java sound
 - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method
 - S7110687, CVE-2012-0503: Issues with TimeZone class
 - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass
 - S7110704, CVE-2012-0506: Issues with some method in corba
 - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object
 - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing
 - S7126960, CVE-2011-5035: Add property to limit number of request headers to the HTTP Server
* Bug fixes
 - RH580478: Desktop files should not use hardcoded path

Comment 1 Swamp Workflow Management 2012-02-15 18:52:20 UTC

The SWAMPID for this issue is 45542.
This issue was rated as important.
Please submit fixed packages until 2012-02-22.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 2 Swamp Workflow Management 2012-02-15 23:00:21 UTC

bugbot adjusting priority

Comment 3 Michal Vyskocil 2012-02-16 11:03:58 UTC

I would follow the 1.11.1 everywhere as usual

Comment 6 Bernhard Wiedemann 2012-02-20 10:00:16 UTC

This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/105974 11.4 / java-1_6_0-openjdk

Comment 7 Michal Vyskocil 2012-02-20 10:21:13 UTC

submitted fixed packages:

12.1: 105985
11.4: 105974
11.2: 105983
11.1: 105984

@wolfgang: not sure, if evergreen for 11.3 is planned or not, but sources are available at home:mvyskocil:branches:OBS_Maintained:java-1_6_0-openjdk java-1_6_0-openjdk.openSUSE_11.3 as well

Comment 8 Bernhard Wiedemann 2012-02-20 11:00:14 UTC

This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/105983 Evergreen:11.2 / java-1_6_0-openjdk
https://build.opensuse.org/request/show/105984 Evergreen:11.1 / java-1_6_0-openjdk
https://build.opensuse.org/request/show/105985 12.1 / java-1_6_0-openjdk

Comment 10 Bernhard Wiedemann 2012-02-21 13:00:10 UTC

This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/106302 11.4 / java-1_6_0-openjdk

Comment 11 Michal Vyskocil 2012-02-21 13:06:02 UTC

*** Bug 706068 has been marked as a duplicate of this bug. ***

Comment 12 Bernhard Wiedemann 2012-02-22 18:00:11 UTC

This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/106535 Evergreen:11.2 / java-1_6_0-openjdk

Comment 13 Bernhard Wiedemann 2012-02-22 19:00:12 UTC

This is an autogenerated message for OBS integration:
This bug (747208) was mentioned in
https://build.opensuse.org/request/show/106539 Evergreen:11.1 / java-1_6_0-openjdk

Comment 14 Swamp Workflow Management 2012-02-27 14:06:17 UTC

Update released for: java-1_6_0-openjdk, java-1_6_0-openjdk-debuginfo, java-1_6_0-openjdk-debugsource, java-1_6_0-openjdk-demo, java-1_6_0-openjdk-demo-debuginfo, java-1_6_0-openjdk-devel, java-1_6_0-openjdk-devel-debuginfo, java-1_6_0-openjdk-javadoc, java-1_6_0-openjdk-plugin, java-1_6_0-openjdk-plugin-debuginfo, java-1_6_0-openjdk-src
Products:
openSUSE 11.4 (debug, i586, x86_64)

Comment 15 Marcus Meissner 2012-02-27 14:08:55 UTC

released, thanks!

Comment 16 Swamp Workflow Management 2012-02-27 16:36:36 UTC

Update released for: java-1_6_0-openjdk, java-1_6_0-openjdk-debuginfo, java-1_6_0-openjdk-debugsource, java-1_6_0-openjdk-demo, java-1_6_0-openjdk-devel, java-1_6_0-openjdk-javadoc, java-1_6_0-openjdk-src
Products:
SLE-DEBUGINFO 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64)