Thu, 16 Apr 2009 22:47:29 -0700 Merge
asaha [Thu, 16 Apr 2009 22:47:29 -0700] rev 2625
Merge
Thu, 16 Apr 2009 21:08:04 -0700 Merge
asaha [Thu, 16 Apr 2009 21:08:04 -0700] rev 2624
Merge
Tue, 10 Mar 2009 18:43:00 +0000 6737315: LDAP serialized data vulnerability
vinnie [Tue, 10 Mar 2009 18:43:00 +0000] rev 2623
6737315: LDAP serialized data vulnerability Reviewed-by: alanb
Tue, 10 Mar 2009 14:29:47 +0100 Merge
dfuchs [Tue, 10 Mar 2009 14:29:47 +0100] rev 2622
Merge
Mon, 09 Mar 2009 23:50:11 +0100 6721651: Security problem with out-of-the-box management
dfuchs [Mon, 09 Mar 2009 23:50:11 +0100] rev 2621
6721651: Security problem with out-of-the-box management Reviewed-by: emcmanus, lmalvent
Tue, 10 Mar 2009 12:55:40 +0100 Merge
dfuchs [Tue, 10 Mar 2009 12:55:40 +0100] rev 2620
Merge
Mon, 09 Mar 2009 22:49:21 +0100 6610896: JMX Monitor handles thread groups incorrectly
dfuchs [Mon, 09 Mar 2009 22:49:21 +0100] rev 2619
6610896: JMX Monitor handles thread groups incorrectly Reviewed-by: emcmanus
Tue, 10 Mar 2009 12:47:27 +0100 Merge
dfuchs [Tue, 10 Mar 2009 12:47:27 +0100] rev 2618
Merge
Mon, 09 Mar 2009 22:34:08 +0100 6610888: Potential use of cleared of incorrect acc in JMX Monitor
dfuchs [Mon, 09 Mar 2009 22:34:08 +0100] rev 2617
6610888: Potential use of cleared of incorrect acc in JMX Monitor Reviewed-by: emcmanus
Tue, 10 Mar 2009 12:36:55 +0100 Merge
dfuchs [Tue, 10 Mar 2009 12:36:55 +0100] rev 2616
Merge
Mon, 09 Mar 2009 22:17:52 +0100 6691246: Thread context class loader can be set using JMX remote ClientNotifForwarded
dfuchs [Mon, 09 Mar 2009 22:17:52 +0100] rev 2615
6691246: Thread context class loader can be set using JMX remote ClientNotifForwarded Reviewed-by: emcmanus
Tue, 10 Mar 2009 12:28:00 +0100 Merge
dfuchs [Tue, 10 Mar 2009 12:28:00 +0100] rev 2614
Merge
Mon, 09 Mar 2009 21:49:56 +0100 6656633: getNotificationInfo methods static mutable
dfuchs [Mon, 09 Mar 2009 21:49:56 +0100] rev 2613
6656633: getNotificationInfo methods static mutable Reviewed-by: emcmanus, jfdenise
Tue, 10 Mar 2009 03:18:22 -0700 6630639: lightweight HttpServer leaks file descriptors on no-data connections
michaelm [Tue, 10 Mar 2009 03:18:22 -0700] rev 2612
6630639: lightweight HttpServer leaks file descriptors on no-data connections Summary: not cleaning up no-data connections properly Reviewed-by: chegar
Fri, 06 Mar 2009 12:40:38 +0300 6804997: JWS GIF Decoding Heap Corruption [V-r687oxuocp]
bae [Fri, 06 Mar 2009 12:40:38 +0300] rev 2611
6804997: JWS GIF Decoding Heap Corruption [V-r687oxuocp] Reviewed-by: prr
Thu, 05 Mar 2009 19:36:51 +0300 6804998: JRE GIF Decoding Heap Corruption [V-y6g5jlm8e1]
bae [Thu, 05 Mar 2009 19:36:51 +0300] rev 2610
6804998: JRE GIF Decoding Heap Corruption [V-y6g5jlm8e1] Reviewed-by: prr
Tue, 03 Mar 2009 16:10:37 -0800 2163516: Font.createFont can be persuaded to leak temporary files
prr [Tue, 03 Mar 2009 16:10:37 -0800] rev 2609
2163516: Font.createFont can be persuaded to leak temporary files Reviewed-by: igor
Fri, 20 Feb 2009 13:48:32 +0300 6804996: JWS PNG Decoding Integer Overflow [V-flrhat2ln8]
bae [Fri, 20 Feb 2009 13:48:32 +0300] rev 2608
6804996: JWS PNG Decoding Integer Overflow [V-flrhat2ln8] Reviewed-by: prr
Wed, 18 Feb 2009 14:14:03 -0800 6792554: Java JAR Pack200 header checks are insufficent
ksrini [Wed, 18 Feb 2009 14:14:03 -0800] rev 2607
6792554: Java JAR Pack200 header checks are insufficent Summary: Added several checks to ensure that the values read from the headers are consistent Reviewed-by: jrose
Mon, 05 Jan 2009 11:28:43 -0800 6632886: Font.createFont can be persuaded to leak temporary files
prr [Mon, 05 Jan 2009 11:28:43 -0800] rev 2606
6632886: Font.createFont can be persuaded to leak temporary files 6522586: Enforce limits on Font creation 6652929: Font.createFont(int,File) trusts File.getPath Reviewed-by: igor
Tue, 30 Dec 2008 10:42:45 +0800 6717680: LdapCtx does not close the connection if initialization fails
weijun [Tue, 30 Dec 2008 10:42:45 +0800] rev 2605
6717680: LdapCtx does not close the connection if initialization fails Reviewed-by: vinnie, xuelei
Wed, 24 Dec 2008 15:48:59 -0800 6652463: MediaSize constructors allow to redefine the mapping of standard MediaSizeName values
prr [Wed, 24 Dec 2008 15:48:59 -0800] rev 2604
6652463: MediaSize constructors allow to redefine the mapping of standard MediaSizeName values Reviewed-by: igor, jgodinez
Wed, 03 Dec 2008 13:34:50 +0300 6766136: corrupted gif image may cause crash in java splashscreen library.
bae [Wed, 03 Dec 2008 13:34:50 +0300] rev 2603
6766136: corrupted gif image may cause crash in java splashscreen library. Reviewed-by: prr, art
Fri, 17 Oct 2008 09:43:30 -0700 6755943: Java JAR Pack200 Decompression should enforce stricter header checks
ksrini [Fri, 17 Oct 2008 09:43:30 -0700] rev 2602
6755943: Java JAR Pack200 Decompression should enforce stricter header checks Summary: Fixes a core dump when fed with a faulty pack file and related malicious take over Reviewed-by: jrose
Thu, 09 Oct 2008 21:12:56 +0100 6721753: File.createTempFile produces guessable file names
alanb [Thu, 09 Oct 2008 21:12:56 +0100] rev 2601
6721753: File.createTempFile produces guessable file names Reviewed-by: sherman
Thu, 02 Oct 2008 20:37:43 +0400 6726779: ConvolveOp on USHORT raster can cause the JVM crash.
bae [Thu, 02 Oct 2008 20:37:43 +0400] rev 2600
6726779: ConvolveOp on USHORT raster can cause the JVM crash. Reviewed-by: igor, prr
Thu, 02 Oct 2008 16:49:33 +0900 6734167: Calendar.readObject allows elevation of privileges
okutsu [Thu, 02 Oct 2008 16:49:33 +0900] rev 2599
6734167: Calendar.readObject allows elevation of privileges Reviewed-by: peytoia
Thu, 04 Sep 2008 09:43:32 -0700 6733959: Insufficient checks for "Main-Class" manifest entry in JAR files
ksrini [Thu, 04 Sep 2008 09:43:32 -0700] rev 2598
6733959: Insufficient checks for "Main-Class" manifest entry in JAR files Summary: Fixes a buffer overrun problem with a very long Main-Class attribute. Reviewed-by: darcy
Wed, 01 Oct 2008 10:01:45 +0800 6588160: jaas krb5 client leaks OS-level UDP sockets (all platforms)
weijun [Wed, 01 Oct 2008 10:01:45 +0800] rev 2597
6588160: jaas krb5 client leaks OS-level UDP sockets (all platforms) Reviewed-by: jccollet, chegar
Fri, 22 Aug 2008 18:48:00 -0700 6497740: Limit the size of RSA public keys
wetmore [Fri, 22 Aug 2008 18:48:00 -0700] rev 2596
6497740: Limit the size of RSA public keys Reviewed-by: andreas, valeriep, vinnie
(0) -1000 -300 -100 -50 -30 +30 +50 +100 +300 +1000 +3000 +10000 +30000 tip