a93a891411
Changes in 1.5.0_20 The full internal version number for this update release is 1.5.0_20-b02 (where "b" means "build"). The external version number is 5.0u20. OlsonData 2009i This release contains Olson time zone data version 2009i. For more information, refer to Timezone Data Versions in the JRE Software . Security Baseline This update release specifies the following security baseline: JRE Family Version Java SE Security Baseline Java SE for Business Security Baseline 1.4.2 1.4.2_19 1.4.2_22 In December, 2008, Java SE 1.4.2 reached its end of service life with the release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) include the Access Only option and are available to Java SE for Business subscribers. For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer . Root Certificates Root Certificates are included in this release. * Added one new root certificate and removed 3 root certificates from Entrust. (Refer to 6805338.) * Added three new root certificates from Keynectis. (Refer to 6845457.) * Added three new root certificates from Quovadis. (Refer to 6846473.) Bug Fixes This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 263408 , 263409 , 263488 , 263489 , and 264648. Bug fixes for vulnerabilities are listed in the following table. BugId Category Subcategory Description 6656610 java accessibility AccessibleResourceBundle.getContents exposes mutable static (findbugs) 6656586 java classes_awt Cursor.predefined is protected static mutable (findbugs) 6660539 java classes_beans Introspector cache mutable static 6446522 java classes_lang 3Y Race condition in reflection checks 6801071 java classes_net Remote sites can compromise user privacy and possibly hijack web session 6801497 java classes_net Proxy is assumed to be immutable but is non-final 6406003 java classes_security Security issues in the Provider class 6429594 java classes_security Fix for 6406003 can be circumvented 6444262 java classes_security Provider deserialization still has problems 6657695 java classes_security AbstractSaslImpl.logger is a static mutable (findbugs) 6657625 java classes_sound RmfFileReader/StandardMidiFileWriter.types are public mutable statics (findbugs) 6738524 java classes_sound JDK13Services allows read access to system properties from untrusted code 6777448 java classes_sound JDK13Services.getProviders creates instances with full privileges 6588003 java classes_swing LayoutQueue mutable statics 6660049 java classes_swing Synth Region.uiToRegionMap/lowerCaseNameMap are mutable statics 6656625 java imageio ImageReaderSpi.STANDARD_INPUT_TYPE/ImageWriterSpi.STANDARD_OUTPUT_TYPE are mutable static (findbugs) 6657133 java imageio Mutable statics in imageio plugins (findbugs) 6830335 java jar Java JAR Pack200 Decompression Integer Overflow Vulnerability 6862844 javawebstart other java web start ActiveX control security problem caused by ATL PROP_ENTRY macro 6845701 jaxp parse Xerces2 Java XML library infinite loop with malformed XML input 6657619 jndi dns DnsContext.debug is public static mutable (findbugs) Other bug fixes are listed in the following table. BugId Category Subcategory Description 6851379 java classes_2d font files not deleted upon exit 6805338 java classes_security Add 1 new Entrust root CA cert and remove 3 others with 1024 bit keys 6845457 java classes_security Add root certs for Keynectis CA 6846473 java classes_security Add QuoVadis root CA certs to the JRE 6848984 java classes_util_i18n (tz) Support tzdata2009i 6851214 java classes_util_i18n (tz) New Jordan rule creates a failure for SimpleTimeZone parsing post tzdata2009h |
||
---|---|---|
.. | ||
buildlink3.mk | ||
builtin.mk | ||
DEINSTALL | ||
DESCR | ||
distinfo | ||
INSTALL | ||
Makefile | ||
Makefile.common | ||
MESSAGE.NetBSD | ||
PLIST.linux-i386 | ||
PLIST.linux-x86_64 | ||
sfiles-i386.mk | ||
sfiles-x86_64.mk |