asaha [Thu, 16 Apr 2009 22:47:29 -0700] rev 2625
Merge
asaha [Thu, 16 Apr 2009 21:08:04 -0700] rev 2624
Merge
vinnie [Tue, 10 Mar 2009 18:43:00 +0000] rev 2623
6737315: LDAP serialized data vulnerability
Reviewed-by: alanb
dfuchs [Tue, 10 Mar 2009 14:29:47 +0100] rev 2622
Merge
dfuchs [Mon, 09 Mar 2009 23:50:11 +0100] rev 2621
6721651: Security problem with out-of-the-box management
Reviewed-by: emcmanus, lmalvent
dfuchs [Tue, 10 Mar 2009 12:55:40 +0100] rev 2620
Merge
dfuchs [Mon, 09 Mar 2009 22:49:21 +0100] rev 2619
6610896: JMX Monitor handles thread groups incorrectly
Reviewed-by: emcmanus
dfuchs [Tue, 10 Mar 2009 12:47:27 +0100] rev 2618
Merge
dfuchs [Mon, 09 Mar 2009 22:34:08 +0100] rev 2617
6610888: Potential use of cleared of incorrect acc in JMX Monitor
Reviewed-by: emcmanus
dfuchs [Tue, 10 Mar 2009 12:36:55 +0100] rev 2616
Merge
dfuchs [Mon, 09 Mar 2009 22:17:52 +0100] rev 2615
6691246: Thread context class loader can be set using JMX remote ClientNotifForwarded
Reviewed-by: emcmanus
dfuchs [Tue, 10 Mar 2009 12:28:00 +0100] rev 2614
Merge
dfuchs [Mon, 09 Mar 2009 21:49:56 +0100] rev 2613
6656633: getNotificationInfo methods static mutable
Reviewed-by: emcmanus, jfdenise
michaelm [Tue, 10 Mar 2009 03:18:22 -0700] rev 2612
6630639: lightweight HttpServer leaks file descriptors on no-data connections
Summary: not cleaning up no-data connections properly
Reviewed-by: chegar
bae [Fri, 06 Mar 2009 12:40:38 +0300] rev 2611
6804997: JWS GIF Decoding Heap Corruption [V-r687oxuocp]
Reviewed-by: prr
bae [Thu, 05 Mar 2009 19:36:51 +0300] rev 2610
6804998: JRE GIF Decoding Heap Corruption [V-y6g5jlm8e1]
Reviewed-by: prr
prr [Tue, 03 Mar 2009 16:10:37 -0800] rev 2609
2163516: Font.createFont can be persuaded to leak temporary files
Reviewed-by: igor
bae [Fri, 20 Feb 2009 13:48:32 +0300] rev 2608
6804996: JWS PNG Decoding Integer Overflow [V-flrhat2ln8]
Reviewed-by: prr
ksrini [Wed, 18 Feb 2009 14:14:03 -0800] rev 2607
6792554: Java JAR Pack200 header checks are insufficent
Summary: Added several checks to ensure that the values read from the headers are consistent
Reviewed-by: jrose
prr [Mon, 05 Jan 2009 11:28:43 -0800] rev 2606
6632886: Font.createFont can be persuaded to leak temporary files
6522586: Enforce limits on Font creation
6652929: Font.createFont(int,File) trusts File.getPath
Reviewed-by: igor
weijun [Tue, 30 Dec 2008 10:42:45 +0800] rev 2605
6717680: LdapCtx does not close the connection if initialization fails
Reviewed-by: vinnie, xuelei
prr [Wed, 24 Dec 2008 15:48:59 -0800] rev 2604
6652463: MediaSize constructors allow to redefine the mapping of standard MediaSizeName values
Reviewed-by: igor, jgodinez
bae [Wed, 03 Dec 2008 13:34:50 +0300] rev 2603
6766136: corrupted gif image may cause crash in java splashscreen library.
Reviewed-by: prr, art
ksrini [Fri, 17 Oct 2008 09:43:30 -0700] rev 2602
6755943: Java JAR Pack200 Decompression should enforce stricter header checks
Summary: Fixes a core dump when fed with a faulty pack file and related malicious take over
Reviewed-by: jrose
alanb [Thu, 09 Oct 2008 21:12:56 +0100] rev 2601
6721753: File.createTempFile produces guessable file names
Reviewed-by: sherman
bae [Thu, 02 Oct 2008 20:37:43 +0400] rev 2600
6726779: ConvolveOp on USHORT raster can cause the JVM crash.
Reviewed-by: igor, prr
okutsu [Thu, 02 Oct 2008 16:49:33 +0900] rev 2599
6734167: Calendar.readObject allows elevation of privileges
Reviewed-by: peytoia
ksrini [Thu, 04 Sep 2008 09:43:32 -0700] rev 2598
6733959: Insufficient checks for "Main-Class" manifest entry in JAR files
Summary: Fixes a buffer overrun problem with a very long Main-Class attribute.
Reviewed-by: darcy
weijun [Wed, 01 Oct 2008 10:01:45 +0800] rev 2597
6588160: jaas krb5 client leaks OS-level UDP sockets (all platforms)
Reviewed-by: jccollet, chegar
wetmore [Fri, 22 Aug 2008 18:48:00 -0700] rev 2596
6497740: Limit the size of RSA public keys
Reviewed-by: andreas, valeriep, vinnie