prr [Tue, 03 Mar 2009 16:10:37 -0800] rev 2609
2163516: Font.createFont can be persuaded to leak temporary files
Reviewed-by: igor
bae [Fri, 20 Feb 2009 13:48:32 +0300] rev 2608
6804996: JWS PNG Decoding Integer Overflow [V-flrhat2ln8]
Reviewed-by: prr
ksrini [Wed, 18 Feb 2009 14:14:03 -0800] rev 2607
6792554: Java JAR Pack200 header checks are insufficient
Summary: Added several checks to ensure that the values read from the headers are consistent
Reviewed-by: jrose
prr [Mon, 05 Jan 2009 11:28:43 -0800] rev 2606
6632886: Font.createFont can be persuaded to leak temporary files
6522586: Enforce limits on Font creation
6652929: Font.createFont(int,File) trusts File.getPath
Reviewed-by: igor
weijun [Tue, 30 Dec 2008 10:42:45 +0800] rev 2605
6717680: LdapCtx does not close the connection if initialization fails
Reviewed-by: vinnie, xuelei
prr [Wed, 24 Dec 2008 15:48:59 -0800] rev 2604
6652463: MediaSize constructors allow to redefine the mapping of standard MediaSizeName values
Reviewed-by: igor, jgodinez
bae [Wed, 03 Dec 2008 13:34:50 +0300] rev 2603
6766136: corrupted gif image may cause crash in java splashscreen library.
Reviewed-by: prr, art
ksrini [Fri, 17 Oct 2008 09:43:30 -0700] rev 2602
6755943: Java JAR Pack200 Decompression should enforce stricter header checks
Summary: Fixes a core dump when fed with a faulty pack file and related malicious takeover
Reviewed-by: jrose
alanb [Thu, 09 Oct 2008 21:12:56 +0100] rev 2601
6721753: File.createTempFile produces guessable file names
Reviewed-by: sherman
bae [Thu, 02 Oct 2008 20:37:43 +0400] rev 2600
6726779: ConvolveOp on USHORT raster can cause the JVM crash.
Reviewed-by: igor, prr
okutsu [Thu, 02 Oct 2008 16:49:33 +0900] rev 2599
6734167: Calendar.readObject allows elevation of privileges
Reviewed-by: peytoia
ksrini [Thu, 04 Sep 2008 09:43:32 -0700] rev 2598
6733959: Insufficient checks for "Main-Class" manifest entry in JAR files
Summary: Fixes a buffer overrun problem with a very long Main-Class attribute.
Reviewed-by: darcy
weijun [Wed, 01 Oct 2008 10:01:45 +0800] rev 2597
6588160: jaas krb5 client leaks OS-level UDP sockets (all platforms)
Reviewed-by: jccollet, chegar
wetmore [Fri, 22 Aug 2008 18:48:00 -0700] rev 2596
6497740: Limit the size of RSA public keys
Reviewed-by: andreas, valeriep, vinnie