3388c96bba
Changes in 1.5.0_22 The full internal version number for this update release is 1.5.0_22-b03 (where "b" means "build"). The external version number is 5.0u22. OlsonData 2009m This release contains Olson time zone data version 2009m. For more information, refer to Timezone Data Versions in the JRE Software . Security Baseline This update release specifies the following security baseline: JRE Family Version Java SE Security Baseline Java SE for Business Security Baseline 1.4.2 1.4.2_19 1.4.2_24 In December, 2008, Java SE 1.4.2 reached its end of service life with the release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) include the Access Only option and are available to Java SE for Business subscribers. For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer . Root Certificates Root Certificates are included in this release. * Added one new root certificate for SECOM. (Refer to 6872579.) * Added one new root certificate for GlobalSign. (Refer to 6860447.) Bug Fixes This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 269868, 270474, 270475, and 270476. Bug fixes for vulnerabilities are listed in the following table. BugId Category Subcategory Description 6631533 java classes_2d ICC_Profile allows detecting if some files exist 6815780 java classes_2d TrueType font parsing crash when stressing Sun Bug 6751322 test case 6822057 java classes_2d X11 and Win32GraphicsDevice don't clone arrays returned from getConfigurations() 6862969 java classes_2d JPEG JFIF Decoder issue 6862970 java classes_2d Image Color Profile parsing issue 6872357 java classes_2d JRE AWT setDifflCM vulnerable to Stack Overflow 6872358 java classes_2d JRE AWT setBytePixels vulnerable to Heap Overflow 6664512 java classes_awt Component and [Default]KeyboardFocusManager pass security sensitive objects to loggers 6636650 java classes_lang (cl) Resurrected ClassLoaders can still have children 6861062 java classes_security Disable MD2 in certificate chain validation 6863503 java classes_security SECURITY: MessageDigest.isEqual introduces timing attack vulnerabilities 6864911 java classes_security ASN.1/DER input stream parser needs more work 6854303 java classes_sound Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability 6657026 java classes_swing Numerous static security flaws in Swing (findbugs) 6657138 java classes_swing Mutable statics in Windows PL&F (findbugs) 6824265 java classes_util_i18n (tz) TimeZone.getTimeZone allows probing local filesystem 6632445 java imageio DoS from parsing BMPs with UNC ICC links 6862968 java imageio JPEG Image Writer quantization problem 6874643 java imageio ImageI/O JPEG is vulnerable to Heap Overflow 6869694 java install java update malfunctioning Other bug fixes are listed in the following table. BugId Category Subcategory Description 6876061 java classes_awt Following JCK5 test not working as exp-d on linux: awt-interactive-ComponentTests 6860447 java classes_security Add GlobalSign R3 Root certificate to the JDK 6872579 java classes_security Add SECOM Root CA 2 to JDK 6880110 java classes_util_i18n (tz) Support tzdata2009m Changes in 1.5.0_21 The full internal version number for this update release is 1.5.0_21-b01 (where "b" means "build"). The external version number is 5.0u21. OlsonData 2009l This release contains Olson time zone data version 2009l. For more information, refer to Timezone Data Versions in the JRE Software . Security Baseline This update release specifies the following security baseline: JRE Family Version Java SE Security Baseline Java SE for Business Security Baseline 1.4.2 1.4.2_19 1.4.2_22 On October 30, 2008, Java SE 1.4.2 reached its end of service life with the release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) include the Access Only option and are available to Java SE for Business subscribers. For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer . Additional Supported System Configurations As of this update, support has been added for the following system configurations: * Windows Vista SP2 * Windows Server 2008 SP2 Refer to the Supported System Configurations page. Bug Fixes Bug fixes are listed in the following table. BugId Category Subcategory Description 6422099 hotspot compiler2 C2 assert("live value must not be garbage") 6445745 hotspot compiler2 TransformerManagementThreadAddTests.java fails an assertion 6772683 hotspot compiler2 Thread.isInterrupted() fails to return true on multiprocessor PC 6842999 hotspot runtime_system Update hotspot windows os_win32 for windows 2008 R2 6845161 jaas login Bottleneck in Configuration.getConfiguration synchronized call 6860491 java classes_awt WRAP_TIME_MILLIS incorrectly set 6843003 java classes_lang Windows Server 2008 R2 system recognition 6808046 java classes_swing Having image problems on Asian Languages display 6645292 java classes_text [Fmt-Da] Timezone Western Summer Time (Australia) is parsed incorrectly 6665028 java classes_text native code of method j*.text.Bidi.nativeBidiChars is using the contents of a primitive array direct 6872467 java classes_util_i18n (tz) Support tzdata2009l 6814140 java classes_util_logging deadlock due to synchronized demandLogger() code that locks ServerLogManager 6817482 java_plugin iexplorer On IE, modal JDialog from an Applet in html frame is not modal 6432317 java_plugin misc Vista: Java Plugin won't be able to launch extension installers. 6818278 javawebstart jnlp_file sunmc console when started with javaws does not communicate with the firewall port range 6748156 jndi ldap add an new JNDI property to control the boolean flag WaitForReply (JDK5) 6750362 jndi ldap Very large LDAP requests throw a OOM on LDAP servers which aren't aware of Paged Results Controls |
||
---|---|---|
.. | ||
files | ||
buildlink3.mk | ||
builtin.mk | ||
DESCR | ||
distinfo | ||
Makefile | ||
PLIST.linux-i386 | ||
PLIST.linux-x86_64 |