OpenJDK
 » 
OpenJDK Distribution-specific Packaging

IcedTea6 1.5.3 & 1.6.2 Released!

View: New views
1 Messages — Rating Filter:   Alert me  

IcedTea6 1.5.3 & 1.6.2 Released!

by gnu_andrew :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

We are pleased to announce two new security releases, IcedTea6 1.5.3 and 1.6.2.

The IcedTea project provides a harness to build the source code from
OpenJDK6 using Free Software build tools. It also includes the only
Free Java plugin and Web Start implementation, and support for
additional architectures over and above x86, x86_64 and SPARC via the
Zero assembler port.

What’s New?
—————–
- Security fixes for:
—————–
(CVE-2009-3728) ICC_Profile file existence detection information leak (6631533)
(CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445)
(CVE-2009-3881) resurrected classloaders can still have children (6636650)
(CVE-2009-3882) Numerous static security flaws in Swing (findbugs) (6657026)
(CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138)
(CVE-2009-3880) UI logging information leakage (6664512)
(CVE-2009-3879) GraphicsConfiguration information leak (6822057)
(CVE-2009-3884) zoneinfo file existence information leak (6824265)
(CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062)
(CVE-2009-3873) JPEG Image Writer quantization problem (6862968)
(CVE-2009-3875) MessageDigest.isEqual introduces timing attack
vulnerabilities (6863503)
(CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser
denial of service (6864911)
(CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357)
(CVE-2009-3874) ImageI/O JPEG heap overflow (6874643)
(CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358)

The tarballs and 1.6 nosrc RPM can be downloaded from:

* http://icedtea.classpath.org/download/source/icedtea6-1.5.3.tar.gz
* http://icedtea.classpath.org/download/source/icedtea6-1.6.2.tar.gz
* http://icedtea.classpath.org/download/fedora/java-1.6.0-openjdk-1.6.0.0-30.b16.fc11.nosrc.rpm

The following people helped with the 1.5 and 1.6 release series:

Lillian Angel, Gary Benson, Deepak Bhole, Andrew Haley, Andrew John
Hughes, Matthias Klose, Martin Matejovic, Ed Nevill, Mark Wielaard and
many others.

We would also like to thank the bug reporters and testers!

To get started:
$ tar xzf icedtea6-1.6.2.tar.gz
$ cd icedtea6-1.6.2

Full build requirements and instructions are in INSTALL:
$ ./configure [--enable-visualvm --with-openjdk --enable-pulse-java
--enable-systemtap ...]
$ make

Blog: http://blog.fuseyism.com/index.php/2009/11/09/icedtea6-153-162-released/
--
Andrew :-)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net

PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8
Free embeddable forum powered by Nabble Forum Help