---
- branch: MAIN
  date: Sun Nov 22 19:31:04 UTC 2009
  files:
  - new: '1.18'
    old: '1.17'
    path: pkgsrc/lang/sun-jdk6/Makefile
    pathrev: pkgsrc/lang/sun-jdk6/Makefile@1.18
    type: modified
  - new: '1.9'
    old: '1.8'
    path: pkgsrc/lang/sun-jdk6/distinfo
    pathrev: pkgsrc/lang/sun-jdk6/distinfo@1.9
    type: modified
  id: 20091122T193104Z.d78f337f8ad6a123eeb67af37d67b84d768a38e4
  log: "Updated lang/sun-jdk6 to 6.0.17\n\n6u17 contains Olson time zone data version
    2009m. For more information, refer to Timezone Data Versions in the JRE Software
    .\n\nSecurity Baseline\n\n6u17 specifies the following security baselines for
    use with Java Plug-in technology:\nJRE Family Version \tJava SE\nSecurity Baseline
    \tJava SE for Business\nSecurity Baseline 6 \t1.6.0_17 \t1.6.0_17\n5.0 \t1.5.0_22
    \t1.5.0_22\n1.4.2 \t1.4.2_19 \t1.4.2_24\n\nRoot Certificates\n\nRoot Certificates
    are included in this release.\n\n    * Added one new root certificate for SECOM.
    (Refer to 6872579.)\n    * Added one new root certificate for GlobalSign. (Refer
    to 6860447.)\n\nBug Fixes\n\nThis release contains fixes for one or more security
    vulnerabilities.\nFor more information, please see Sun Alerts 269868, 269869,
    269870,\n270474, 270475, and 270476.\n\nBug fixes for vulnerabilities are listed
    in the following table.\n\tBugId \tCategory \tSubcategory \tDescription 6631533
    \tjava \tclasses_2d \tICC_Profile allows detecting if some files exist\n6815780
    \tjava \tclasses_2d \tTrueType font parsing crash when stressing Sun Bug 6751322
    test case\n6822057 \tjava \tclasses_2d \tX11 and Win32GraphicsDevice don't clone
    arrays returned from getConfigurations()\n6862969 \tjava \tclasses_2d \tJPEG JFIF
    Decoder issue\n6862970 \tjava \tclasses_2d \tImage Color Profile parsing issue\n6872357
    \tjava \tclasses_2d \tJRE AWT setDifflCM vulnerable to Stack Overflow\n6872358
    \tjava \tclasses_2d \tJRE AWT setBytePixels vulnerable to Heap Overflow\n6664512
    \tjava \tclasses_awt \tComponent and [Default]KeyboardFocusManager pass security
    sensitive objects to loggers\n6636650 \tjava \tclasses_lang \t(cl) Resurrected
    ClassLoaders can still have children\n6861062 \tjava \tclasses_security \tDisable
    MD2 in certificate chain validation\n6863503 \tjava \tclasses_security \tSECURITY:
    MessageDigest.isEqual introduces timing attack vulnerabilities\n6864911 \tjava
    \tclasses_security \tASN.1/DER input stream parser needs more work\n6854303 \tjava
    \tclasses_sound \tSun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability\n6657026
    \tjava \tclasses_swing \tNumerous static security flaws in Swing (findbugs)\n6657138
    \tjava \tclasses_swing \tMutable statics in Windows PL&F (findbugs)\n6824265 \tjava
    \tclasses_util_i18n \t(tz) TimeZone.getTimeZone allows probing local filesystem\n6632445
    \tjava \timageio \tDoS from parsing BMPs with UNC ICC links\n6862968 \tjava \timageio
    \tJPEG Image Writer quantization problem\n6874643 \tjava \timageio \tImageI/O
    JPEG is vulnerable to Heap Overflow\n6869694 \tjava \tinstall \tjava update malfunctioning\n6869752
    \tjava_deployment \tdeployment_toolkit \tDeployment Toolkit plugin \"launch\"
    method vulnerable to exploits\n6872824 \tjavawebstart \tgeneral \tarbitary code
    execution using java web start\n6870531 \tjavawebstart \tother \tREGRESSION:have
    problem to run JNLP app and applets with signed Jar files\n\nOther bug fixes are
    listed in the following table.\n\tBugId \tCategory \tSubcategory \tDescription
    6842999 \thotspot \truntime_system \tUpdate hotspot windows os_win32 for windows
    2008 R2\n6804454 \tjava \tclasses_2d \tRFE: Provide a way to control the printing
    dpi resolution from MSIE browser print. See also 6801859\n6813208 \tjava \tclasses_awt
    \tpageDialog throws NPE from applet\n6825342 \tjava \tclasses_awt \tSecurity warning
    may change Z-order of top-level\n6843003 \tjava \tclasses_lang \tWindows Server
    2008 R2 system recognition\n6860447 \tjava \tclasses_security \tAdd GlobalSign
    R3 Root certificate to the JDK\n6872579 \tjava \tclasses_security \tAdd SECOM
    Root CA 2 to JDK\n6880110 \tjava \tclasses_util_i18n \t(tz) Support tzdata2009m\n6814140
    \tjava \tclasses_util_logging \tdeadlock due to synchronized demandLogger() code
    that locks ServerLogManager\n6879614 \tjaxp \tparse \tcom.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl
    failing to parse xml document\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang/sun-jdk6'
  unixtime: '1258918264'
  user: abs