Fri, 23 Oct 2009 12:58:10 -0700 Merge
asaha [Fri, 23 Oct 2009 12:58:10 -0700] rev 4217
Merge
Thu, 22 Oct 2009 16:28:01 -0700 Merge
asaha [Thu, 22 Oct 2009 16:28:01 -0700] rev 4216
Merge
Wed, 21 Oct 2009 11:34:19 -0700 Merge
asaha [Wed, 21 Oct 2009 11:34:19 -0700] rev 4215
Merge
Wed, 21 Oct 2009 11:28:46 -0700 Merge
asaha [Wed, 21 Oct 2009 11:28:46 -0700] rev 4214
Merge
Fri, 16 Oct 2009 11:20:38 -0700 Merge
asaha [Fri, 16 Oct 2009 11:20:38 -0700] rev 4213
Merge
Thu, 15 Oct 2009 14:41:51 -0700 Merge
asaha [Thu, 15 Oct 2009 14:41:51 -0700] rev 4212
Merge
Wed, 14 Oct 2009 14:21:25 -0700 Merge
asaha [Wed, 14 Oct 2009 14:21:25 -0700] rev 4211
Merge
Wed, 07 Oct 2009 08:38:43 -0700 Merge
asaha [Wed, 07 Oct 2009 08:38:43 -0700] rev 4210
Merge
Tue, 06 Oct 2009 21:40:55 -0700 Merge
asaha [Tue, 06 Oct 2009 21:40:55 -0700] rev 4209
Merge
Thu, 24 Sep 2009 22:50:41 +0100 6863503: SECURITY: MessageDigest.isEqual introduces timing attack vulnerabilities
vinnie [Thu, 24 Sep 2009 22:50:41 +0100] rev 4208
6863503: SECURITY: MessageDigest.isEqual introduces timing attack vulnerabilities Reviewed-by: mullan, wetmore
Mon, 14 Sep 2009 11:46:16 +0400 6872358: JRE AWT setBytePixels vulnerable to Heap Overflow
bae [Mon, 14 Sep 2009 11:46:16 +0400] rev 4207
6872358: JRE AWT setBytePixels vulnerable to Heap Overflow Reviewed-by: prr, hawtin
Thu, 10 Sep 2009 14:15:47 +0400 6631533: ICC_Profile allows detecting if some files exist
bae [Thu, 10 Sep 2009 14:15:47 +0400] rev 4206
6631533: ICC_Profile allows detecting if some files exist Reviewed-by: prr, hawtin
Thu, 10 Sep 2009 14:04:38 +0400 6632445: DoS from parsing BMPs with UNC ICC links
bae [Thu, 10 Sep 2009 14:04:38 +0400] rev 4205
6632445: DoS from parsing BMPs with UNC ICC links Reviewed-by: prr, hawtin
Thu, 10 Sep 2009 13:52:27 +0400 6822057: X11 and Win32GraphicsDevice don't clone arrays returned from getConfigurations()
bae [Thu, 10 Sep 2009 13:52:27 +0400] rev 4204
6822057: X11 and Win32GraphicsDevice don't clone arrays returned from getConfigurations() Reviewed-by: prr, hawtin
Thu, 10 Sep 2009 13:35:28 +0400 6862968: JPEG Image Writer quantization problem
bae [Thu, 10 Sep 2009 13:35:28 +0400] rev 4203
6862968: JPEG Image Writer quantization problem Reviewed-by: prr, hawtin
Thu, 10 Sep 2009 12:50:09 +0400 6872357: JRE AWT setDifflCM vulnerable to Stack Overflow
bae [Thu, 10 Sep 2009 12:50:09 +0400] rev 4202
6872357: JRE AWT setDifflCM vulnerable to Stack Overflow Reviewed-by: prr, hawtin
Thu, 10 Sep 2009 12:26:34 +0400 6874643: ImageI/O JPEG is vulnerable to Heap Overflow
bae [Thu, 10 Sep 2009 12:26:34 +0400] rev 4201
6874643: ImageI/O JPEG is vulnerable to Heap Overflow Reviewed-by: prr, hawtin
Sat, 05 Sep 2009 07:55:05 -0700 Merge
asaha [Sat, 05 Sep 2009 07:55:05 -0700] rev 4200
Merge
Thu, 03 Sep 2009 19:42:27 +0400 6657026: Numerous static security flaws in Swing (findbugs)
malenkov [Thu, 03 Sep 2009 19:42:27 +0400] rev 4199
6657026: Numerous static security flaws in Swing (findbugs) Reviewed-by: hawtin, peterz
Tue, 01 Sep 2009 08:15:00 -0700 Merge
asaha [Tue, 01 Sep 2009 08:15:00 -0700] rev 4198
Merge
Mon, 31 Aug 2009 08:54:39 -0700 Merge
asaha [Mon, 31 Aug 2009 08:54:39 -0700] rev 4197
Merge
Thu, 27 Aug 2009 15:08:10 -0700 Merge
asaha [Thu, 27 Aug 2009 15:08:10 -0700] rev 4196
Merge
Wed, 26 Aug 2009 08:38:57 -0700 Merge
asaha [Wed, 26 Aug 2009 08:38:57 -0700] rev 4195
Merge
Wed, 26 Aug 2009 17:05:15 +0900 6824265: (tz) TimeZone.getTimeZone allows probing local filesystem
okutsu [Wed, 26 Aug 2009 17:05:15 +0900] rev 4194
6824265: (tz) TimeZone.getTimeZone allows probing local filesystem Reviewed-by: peytoia
Thu, 20 Aug 2009 17:16:13 -0700 6874407: Missing regression test for 6636650
valeriep [Thu, 20 Aug 2009 17:16:13 -0700] rev 4193
6874407: Missing regression test for 6636650 Summary: Prevent classloader from resurrection Reviewed-by: hawtin
Thu, 20 Aug 2009 14:49:31 -0700 6636650: (cl) Resurrected ClassLoaders can still have children
valeriep [Thu, 20 Aug 2009 14:49:31 -0700] rev 4192
6636650: (cl) Resurrected ClassLoaders can still have children Summary: Prevent classloader from resurrection Reviewed-by: hawtin
Thu, 20 Aug 2009 12:46:43 +0400 6664512: Component and [Default]KeyboardFocusManager pass security sensitive objects to loggers
dcherepanov [Thu, 20 Aug 2009 12:46:43 +0400] rev 4191
6664512: Component and [Default]KeyboardFocusManager pass security sensitive objects to loggers Summary: toString is called on security sensitive objects Reviewed-by: art, hawtin
Tue, 18 Aug 2009 20:47:13 -0700 6861062: Disable MD2 support
xuelei [Tue, 18 Aug 2009 20:47:13 -0700] rev 4190
6861062: Disable MD2 support Reviewed-by: mullan, weijun
(0) -3000 -1000 -300 -100 -50 -28 +28 +50 +100 +300 +1000 +3000 +10000 +30000 tip