------------------------------------------------------------------- Fri Feb 7 09:44:16 UTC 2020 - Pedro Monreal Gonzalez - Update to Java 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968] * Security Fixes: CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 IJ21208 KDB to JKS keystore conversion creates JKS keystore with broken certificate chain, regression introduced in CMSProvider 2.63 * Class Libraries: IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN WHEN TIMEOUT IS SET IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED CHINESE EDITION OF WINDOWS CLIENT SYSTEM IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE INCONSISTENT WITH CLDR IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C * JIT Compiler: IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES ------------------------------------------------------------------- Wed Dec 4 10:06:55 UTC 2019 - Pedro Monreal Gonzalez - Update to 7.1 Service Refresh 4 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 * Security: IJ18411 CAN'T FIND RESOURCE FOR BUNDLE COM.IBM.SECURITY.UTIL.AU THRESOURCES, KEY USERNAME IJ18572 UPDATE CMSPROVIDER FOR IBMJCEPLUS IJ18573 UPDATE IKEYMAN FOR IBMJCEPLUS, PKCS12 KEYSTORE CORRUPTED AFTER USING IKEYMAN * Java Virtual Machine: IJ19980 SUN.JAVA2D.FONTPATH IS NOT SET TO NULL WHEN JAVA_FONTS IS NOT SET * JIT Compiler: IJ18838 HANG IN THE JIT MODULE ATTEMPTING TO RECLAIM RUNTIME ASSUMPTIONS IJ18450 JAVA JIT - CRASH IN USEREGISTER() ON POWER HARDWARE IJ17054 JAVA JIT ON POWER: CRASH IN FREEBESTREGISTER() * z/OS Extentions: PH17464 High CPU when using Elliptic Curve Ciphers (ECC) and the IBMJCECCA and IBMJSSE2 Providers. ------------------------------------------------------------------- Fri Aug 23 09:28:44 UTC 2019 - Pedro Monreal Gonzalez - Update to Java 7.1 Service Refresh 4 Fix Pack 50 [bsc#1147021] * Security fixes: CVE-2019-11775 (bsc#1147021) CVE-2019-4473 (bsc#1147021) CVE-2019-11771 (bsc#1147021) CVE-2019-7317 (bsc#1141780) CVE-2019-2769 (bsc#1141783) CVE-2019-2762 (bsc#1141782) CVE-2019-2816 (bsc#1141785) CVE-2019-2766 (bsc#1141789) IJ17282 IBMJCEPLUS NAME SPACE CHANGE FOR GSKIT IJ17055 JSSE2 MEMORY LEAK ON COM.IBM.JSSE2.EXT.ALPNJS SEEXT IJ17640 OPTIMIZE SHA PERFORMANCE * Class Libraries: IJ18131 UPDATE TIMEZONE INFORMATION TO TZDATA2018I * JIT Compiler: IJ18031 INCORRECT RESULTS FROM JAVA.TEXT.DECIMALFORMAT IJ17054 JAVA JIT ON POWER: CRASH IN FREEBESTREGISTER() * ORB: IX90189 HANDLE SCHEMA USE-CASE SCENARIO FOR APAR IX90188 IX90188 ORG.OMG.CORBA.MARSHAL EXCEPTION MAY BE THROWN AFTER APPLYING APAR IX90187 ------------------------------------------------------------------- Wed May 8 16:31:32 UTC 2019 - Pedro Monreal Gonzalez - Update to Java 7.1 Service Refresh 4 Fix Pack 45 [bsc#1134718] * Security fixes: CVE-2019-10245 (bsc#1134718) CVE-2019-2698 (bsc#1132729) CVE-2019-2697 (bsc#1132734) CVE-2019-2602 (bsc#1132728) CVE-2019-2684 (bsc#1132732) ------------------------------------------------------------------- Wed Mar 6 14:05:18 UTC 2019 - Pedro Monreal Gonzalez - Update to Java 7.1 Service Refresh 4 Fix Pack 40 [bsc#1128158] * Security fixes: CVE-2018-12547 CVE-2018-11212 (bsc#1122299) CVE-2019-2426 CVE-2019-2422 (bsc#1122293) ------------------------------------------------------------------- Mon Nov 19 17:35:34 UTC 2018 - Pedro Monreal Gonzalez - Update to Java 7.1 Service Refresh 4 Fix Pack 35 [bsc#1116574] * Consumability IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API * Class Libraries IJ10934 CVE-2018-13785 IJ10935 CVE-2018-3136 IJ10895 CVE-2018-3139 IJ10932 CVE-2018-3149 IJ10894 CVE-2018-3180 IJ10933 CVE-2018-3214 IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK'S CACERTS. * Java Virtual Machine IJ10931 CVE-2018-3169 IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX * JIT Compiler IJ08205 CRASH WHILE COMPILING IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() * ORB IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Security IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY IJ10491 AES/GCM CIPHER - AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER - INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS IJ10136 IBMPKCS11IMPL - INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER IJ08723 JAAS THROWS A 'ARRAY INDEX OUT OF RANGE' EXCEPTION IJ08704 THE SECURITY PROPERTY 'JDK.CERTPATH.DISABLEDAL GORITHMS' IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID ------------------------------------------------------------------- Mon Aug 13 13:38:24 UTC 2018 - tchvatal@suse.com - Version update to 7.1.4.30 [bsc#1104668] * Various JIT/JVM crash fixes * Security fixes: CVE-2018-2952 CVE-2018-2940 CVE-2018-2973 CVE-2018-1656 CVE-2018-12539 CVE-2018-1517 ------------------------------------------------------------------- Tue May 15 14:37:00 UTC 2018 - pmonrealgonzalez@suse.com - Version update to 7.1.4.25 [bsc#1093311, bsc#1085449] * Security fixes: CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 ------------------------------------------------------------------- Tue Mar 20 10:23:01 UTC 2018 - pmonrealgonzalez@suse.com - Renamed the update-alternatives link names for the different policy options to avoid collisions [bsc#1085018] * Available options: - jce_1.7.1_ibm_unlimited_local_policy [default] - jce_1.7.1_ibm_unlimited_us_export_policy - jce_1.7.1_ibm_limited_local_policy - jce_1.7.1_ibm_limited_us_export_policy ------------------------------------------------------------------- Fri Mar 16 15:53:33 UTC 2018 - pmonrealgonzalez@suse.com - Fixed priorities of alternatives [bsc#1085018] ------------------------------------------------------------------- Tue Mar 13 14:43:45 UTC 2018 - pmonrealgonzalez@suse.com - Fixed symlinks to policy files on update [bsc#1085018] ------------------------------------------------------------------- Tue Feb 27 10:18:38 UTC 2018 - pmonrealgonzalez@suse.com - Removed java-1_7_1-ibm-alsa and java-1_7_1-ibm-plugin entries in baselibs.conf due to errors in osc source_validator ------------------------------------------------------------------- Mon Feb 26 15:12:34 UTC 2018 - pmonrealgonzalez@suse.com - Version update to 7.1.4.20 [bsc#1082810] * Security fixes: CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 * Defect fixes: - IJ04281 Class Libraries: Startup time increase after applying apar IV96905 - IJ03822 Class Libraries: Update timezone information to tzdata2017c - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01 - IJ04282 Security: Change in location and default of jurisdiction policy files - IJ03853 Security: IBMCAC provider does not support SHA224 - IJ02679 Security: IBMPKCS11Impl - Bad sessions are being allocated internally - IJ02706 Security: IBMPKCS11Impl - Bad sessions are being allocated internally - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute - IJ01901 Security: IBMPKCS11Impl - SecureRandom.setSeed() exception - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE - IJ02284 JIT Compiler: Division by zero in JIT compiler ------------------------------------------------------------------- Fri Dec 8 11:10:01 UTC 2017 - pmonrealgonzalez@suse.com - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp files run from Firefox. [bsc#1057460, bsc#1076390] ------------------------------------------------------------------- Thu Nov 30 10:49:06 UTC 2017 - pmonrealgonzalez@suse.com - Security update to version 7.1.4.15 [bsc#1070162] * CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 ------------------------------------------------------------------- Mon Aug 14 13:06:01 UTC 2017 - pmonrealgonzalez@suse.com - Version update to 7.1-4.10 [bsc#1053431] * CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101 CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087 CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115 CVE-2017-10067 CVE-2017-10125 CVE-2017-10243 CVE-2017-10109 CVE-2017-10108 CVE-2017-10053 CVE-2017-10105 CVE-2017-10081 ------------------------------------------------------------------- Mon May 15 13:36:27 UTC 2017 - tchvatal@suse.com - Version update to 7.1-4.5 bsc#1038505 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 ------------------------------------------------------------------- Mon Mar 6 11:53:51 UTC 2017 - tchvatal@suse.com - Version update to 7.1-4.1 bnc#1027038 CVE-2016-2183 ------------------------------------------------------------------- Wed Nov 16 13:25:55 UTC 2016 - tchvatal@suse.com - Version update to 7.1-3.60 bnc#1009280 CVE-2016-5568 CVE-2016-5556 CVE-2016-5573 CVE-2016-5597 CVE-2016-5554 CVE-2016-5542 ------------------------------------------------------------------- Fri Aug 12 12:03:34 UTC 2016 - pjanouch@suse.de - Version update to 7.1-3.50 (bsc#992537): CVE-2016-3485 CVE-2016-3511 CVE-2016-3511 CVE-2016-3598 ------------------------------------------------------------------- Tue May 10 16:41:22 UTC 2016 - abergmann@suse.com - The following CVEs got also fix with the IBM Java 1.7.1 SR3 FP40 release (bsc#979252): CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426 ------------------------------------------------------------------- Fri Apr 29 13:04:56 UTC 2016 - pjanouch@suse.de - IBM Java 1.7.1 SR3 FP40 released (bnc#977646 bnc#977648 bnc#977650) CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 ------------------------------------------------------------------- Fri Jan 29 09:52:21 UTC 2016 - tchvatal@suse.com - Version update to 7.1-3.30 bnc#963937, bsc#966304: CVE-2015-8540 CVE-2015-7981 CVE-2015-5041 CVE-2016-0494 CVE-2016-0483 CVE-2015-8126 CVE-2015-8472 CVE-2016-0466 CVE-2016-0402 CVE-2015-7575 CVE-2016-0448 ------------------------------------------------------------------- Thu Jan 7 13:23:17 UTC 2016 - tchvatal@suse.com - Move %_jvmdir/%sdklnk from main to develpkg for sle10 to avoid hickups - Move %_jvmjardir/%sdkcompatdir from develprj to main for the same ------------------------------------------------------------------- Fri Jan 1 13:15:09 UTC 2016 - tchvatal@suse.com - Move the pre phase to the baselibs.conf too bnc#960402 ------------------------------------------------------------------- Mon Nov 23 10:55:03 UTC 2015 - tchvatal@suse.com - Version update to 7.1-3.20 bnc#955131, bsc#929900: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 ------------------------------------------------------------------- Wed Aug 5 12:03:22 UTC 2015 - tchvatal@suse.com - Add backcompat symlinks for sdkdir - Fix bnc#941939 to provide %{name} instead of %{sdklnk} only in _jvmprivdir ------------------------------------------------------------------- Wed Jul 22 09:06:49 UTC 2015 - tchvatal@suse.com - Version update to 7.1-3.10 bnc#938895 CVE-2015-1931 CVE-2015-2638 CVE-2015-4733 CVE-2015-4732 CVE-2015-2590 CVE-2015-4731 CVE-2015-4760 CVE-2015-4748 CVE-2015-2664 CVE-2015-2632 CVE-2015-2637 CVE-2015-2619 CVE-2015-2621 CVE-2015-2613 CVE-2015-2601 CVE-2015-4749 CVE-2015-4000 CVE-2015-4729 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 ------------------------------------------------------------------- Thu Jul 2 12:24:33 UTC 2015 - tchvatal@suse.com - Version update to 7.1-3.1 bnc#935540 for the logjam attack ------------------------------------------------------------------- Mon Jun 15 13:02:08 UTC 2015 - tchvatal@suse.com - Sync spec and baselibs.conf - Remove obsolete parts of update-alternatives from baselibs.conf - Do not bother with non-etc-marked-as-conf - Move plugin desktop/icon to proper subpackage - Fix fdupes usage and javapackages-tools vs jpackage-utils dependencies - Drop creation of 0 size xlfd support files as they are never regenerated anyway - Cleanup with spec-cleaner ------------------------------------------------------------------- Wed Jun 3 10:00:31 UTC 2015 - tchvatal@suse.com - Filter out cuda requires/provides as it ain't provided in SUSE bnc#931693 ------------------------------------------------------------------- Tue Jun 2 14:48:59 UTC 2015 - tchvatal@suse.com - Version bump to 7.1-3.0 release bnc#930365 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 ------------------------------------------------------------------- Tue Jun 2 14:33:59 UTC 2015 - tchvatal@suse.com - Fix removeing links before update-alternatives run. bnc#931702 ------------------------------------------------------------------- Tue Jun 2 12:50:10 UTC 2015 - tchvatal@suse.com - Fix bnc#912434, javaws/plugin stuff should slave plugin update-alternatives ------------------------------------------------------------------- Tue Jun 2 11:50:07 UTC 2015 - tchvatal@suse.com - Fix bnc#912447, use system cacerts ------------------------------------------------------------------- Mon Jun 1 11:14:51 UTC 2015 - tchvatal@suse.com - Add condition for fdupes to build on SLE10 ------------------------------------------------------------------- Tue Feb 10 10:06:25 UTC 2015 - tchvatal@suse.com - Update to 7.1.2.10 for sec issues bnc#916266 and bnc#916265 CVE-2014-8892 CVE-2014-8891 - javad binary seems to be no more, so remove ------------------------------------------------------------------- Fri Nov 28 13:47:52 UTC 2014 - tchvatal@suse.com - Enable ppc and ppc64 ------------------------------------------------------------------- Tue Nov 18 13:11:32 UTC 2014 - tchvatal@suse.com - bring to sle11sp4 fate#317600 - bnc#904889 java 1.7.1_sr1.2 released - CVE-2014-3065: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (bnc#) - CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. (bnc#901223 901254 901277 901748 901757 901759 901889 901968 902229 902476 902912 903684 903690 903692) - CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. (bnc#901239 901242 901246) - CVE-2014-6456: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (bnc#901239 901242 901246) - CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. (bnc#901239 901242 901246) - CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. (bnc#901239 901242 901246) - CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. (bnc#901239 901242 901246) - CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. (bnc#901239 901242 901246) - CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6476: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. (bnc#901239 901242 901246) - CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. (bnc#901239 901242 901246) - CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. (bnc#901239 901242 901246) - CVE-2014-6527: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. (bnc#901239 901242 901246) - CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. (bnc#901239 901242 901246) ------------------------------------------------------------------- Fri Aug 8 07:11:56 UTC 2014 - tchvatal@suse.com - Version bump to 7.1-1.0 bnc#890434: * Maintenance update for the 7.1 series matching oracle jaca 7u65 ------------------------------------------------------------------- Thu Aug 7 08:04:18 UTC 2014 - tchvatal@suse.com - Replace SuSE with SUSE. bnc#889006 ------------------------------------------------------------------- Wed May 14 08:47:10 UTC 2014 - tchvatal@suse.com - Version bump to 7.1-1.0 (bnc#877465): * support for ppc64le * zEC12 and System z hardware compression acceleration support * Improved workload management facilities on z/OS * Native record processing with Data Access Accelerator * see http://www-01.ibm.com/support/docview.wss?uid=swg21657707 ------------------------------------------------------------------- Wed Mar 5 16:28:17 CET 2014 - ro@suse.de - Fix build on i586 and s390 * Remove bogus dependency on libstdc++33 ------------------------------------------------------------------- Mon Feb 17 09:57:18 UTC 2014 - mvyskocil@suse.com - Limit package to sle12 compatible architectures - Use SUSE-NonFree License as suggested by legal team - Adapt filelist to much stricter rpm in SLE12 ------------------------------------------------------------------- Tue Dec 10 12:06:55 UTC 2013 - mvyskocil@suse.com - package IBM Java Version 7 Release 1 (FATE#316606) IBM(R) SDK, Java Technology Edition, Version 7 Release 1 is the latest release of the Java SE 7 application programming interfaces (APIs). This release contains the latest virtual machine technology from IBM and is for users who wish to use Java SE 7 APIs to: * utilize enhanced native record processing * exploit the new zEC12 capabilities * improve monitoring and diagnostics * evaluate IBM's latest cloud enablement technology * see http://www-01.ibm.com/support/docview.wss?uid=swg21657707