------------------------------------------------------------------- Fri Feb 7 09:44:16 UTC 2020 - Pedro Monreal Gonzalez - Update to Java 7.0 Service Refresh 10 Fix Pack 60 [bsc#1162972, bsc#1160968] * Security Fixes: CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 IJ21208 KDB to JKS keystore conversion creates JKS keystore with broken certificate chain, regression introduced in CMSProvider 2.63 * Class Libraries: IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN WHEN TIMEOUT IS SET IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED CHINESE EDITION OF WINDOWS CLIENT SYSTEM IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE INCONSISTENT WITH CLDR IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C * JIT Compiler: IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES ------------------------------------------------------------------- Wed Dec 4 10:06:55 UTC 2019 - Pedro Monreal Gonzalez - Update to 7.0 Service Refresh 10 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 * Security: IJ18411 CAN'T FIND RESOURCE FOR BUNDLE COM.IBM.SECURITY.UTIL.AU THRESOURCES, KEY USERNAME IJ18572 UPDATE CMSPROVIDER FOR IBMJCEPLUS IJ18573 UPDATE IKEYMAN FOR IBMJCEPLUS, PKCS12 KEYSTORE CORRUPTED AFTER USING IKEYMAN * Java Virtual Machine: IJ19980 SUN.JAVA2D.FONTPATH IS NOT SET TO NULL WHEN JAVA_FONTS IS NOT SET * JIT Compiler: IJ18838 HANG IN THE JIT MODULE ATTEMPTING TO RECLAIM RUNTIME ASSUMPTIONS IJ17054 JAVA JIT ON POWER: CRASH IN FREEBESTREGISTER() * z/OS Extentions: PH17464 High CPU when using Elliptic Curve Ciphers (ECC) and the IBMJCECCA and IBMJSSE2 Providers. ------------------------------------------------------------------- Fri Aug 23 09:28:44 UTC 2019 - Pedro Monreal Gonzalez - Update to Java 7.0 Service Refresh 10 Fix Pack 50 [bsc#1147021] * Security fixes: CVE-2019-11775 CVE-2019-4473 CVE-2019-11771 CVE-2019-7317 CVE-2019-2769 (bsc#1141783) CVE-2019-2762 (bsc#1141782) CVE-2019-2816 CVE-2019-2766 (bsc#1141789) * Class Libraries: IJ18126 JAVA.LANG.INTERNALERROR: SPAWNP FAILURE, ERRNO=3450 IJ18121 UPDATE IBM I JAVA PRODUCT TO DECREASE LOOP TIME OF DNS LOOKUP IJ18131 UPDATE TIMEZONE INFORMATION TO TZDATA2018I * JIT Compiler: IJ17054 JAVA JIT ON POWER: CRASH IN FREEBESTREGISTER() ------------------------------------------------------------------- Wed May 8 16:27:59 UTC 2019 - Pedro Monreal Gonzalez - Update to Java 7.0 Service Refresh 10 Fix Pack 45 [bsc#1134718] * Security fixes: CVE-2019-10245 (bsc#1134718) CVE-2019-2698 (bsc#1132729) CVE-2019-2697 (bsc#1132734) CVE-2019-2602 (bsc#1132728) CVE-2019-2684 (bsc#1132732) ------------------------------------------------------------------- Wed Mar 6 15:03:22 UTC 2019 - Pedro Monreal Gonzalez - Update to Java 7.0 Service Refresh 10 Fix Pack 40 [bsc#1128158] * Security fixes: CVE-2018-12547 CVE-2018-11212 (bsc#1122299) CVE-2019-2426 CVE-2019-2422 (bsc#1122293) ------------------------------------------------------------------- Mon Nov 19 17:38:54 UTC 2018 - Pedro Monreal Gonzalez - Update to Java 7.0 Service Refresh 10 Fix Pack 35 [bsc#1116574] * Class Libraries IJ10934 CVE-2018-13785 IJ10935 CVE-2018-3136 IJ10895 CVE-2018-3139 IJ10932 CVE-2018-3149 IJ10894 CVE-2018-3180 IJ10933 CVE-2018-3214 IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK'S CACERTS * Java Virtual Machine IJ10931 CVE-2018-3169 * JIT Compiler IJ08205 CRASH WHILE COMPILING * Security IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY IJ10491 AES/GCM CIPHER - AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER - INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS IJ10136 IBMPKCS11IMPL - INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER IJ08723 JAAS THROWS A 'ARRAY INDEX OUT OF RANGE' EXCEPTION IJ08704 THE SECURITY PROPERTY 'JDK.CERTPATH.DISABLEDAL GORITHMS' IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID ------------------------------------------------------------------- Mon Aug 13 13:38:24 UTC 2018 - tchvatal@suse.com - Version update to 7.0.10.30 [bsc#1104668] * Various JIT/JVM crash fixes * Security fixes: CVE-2018-2952 CVE-2018-2940 CVE-2018-2973 CVE-2018-1656 CVE-2018-12539 CVE-2018-1517 ------------------------------------------------------------------- Tue May 15 14:49:21 UTC 2018 - pmonrealgonzalez@suse.com - Version update to 7.1.4.25 [bsc#1093311, bsc#1085449] * Security fixes: CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 ------------------------------------------------------------------- Tue Mar 20 14:16:58 UTC 2018 - pmonrealgonzalez@suse.com - Renamed the update-alternatives link names for the different policy options to avoid collisions [bsc#1085018] * Available options: - jce_1.7.0_ibm_unlimited_local_policy [default] - jce_1.7.0_ibm_unlimited_us_export_policy - jce_1.7.0_ibm_limited_local_policy - jce_1.7.0_ibm_limited_us_export_policy ------------------------------------------------------------------- Fri Mar 16 15:53:33 UTC 2018 - pmonrealgonzalez@suse.com - Fixed priorities of alternatives [bsc#1085018] ------------------------------------------------------------------- Wed Mar 14 10:31:08 UTC 2018 - pmonrealgonzalez@suse.com - Fixed symlinks to policy files on update [bsc#1085018] ------------------------------------------------------------------- Tue Feb 27 10:18:38 UTC 2018 - pmonrealgonzalez@suse.com - Removed java-1_7_0-ibm-alsa and java-1_7_0-ibm-plugin entries in baselibs.conf due to errors in osc source_validator ------------------------------------------------------------------- Mon Feb 26 16:17:56 UTC 2018 - pmonrealgonzalez@suse.com - Version update to 7.0.10.20 [bsc#1082810] * Security fixes: CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 * Defect fixes: - IJ04281 Class Libraries: Startup time increase after applying apar IV96905 - IJ03822 Class Libraries: Update timezone information to tzdata2017c - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01 - IJ04282 Security: Change in location and default of jurisdiction policy files - IJ03853 Security: IBMCAC provider does not support SHA224 - IJ02679 Security: IBMPKCS11Impl - Bad sessions are being allocated internally - IJ02706 Security: IBMPKCS11Impl - Bad sessions are being allocated internally - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute - IJ01901 Security: IBMPKCS11Impl - SecureRandom.setSeed() exception - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman - IJ02284 JIT Compiler: Division by zero in JIT compiler ------------------------------------------------------------------- Fri Dec 8 11:17:02 UTC 2017 - pmonrealgonzalez@suse.com - Fixed jpackage-java-1_7_0-ibm-webstart.desktop file to allow Java jnlp files run from Firefox. [bsc#1057460, bsc#1076390] ------------------------------------------------------------------- Thu Dec 7 16:52:04 UTC 2017 - pmonrealgonzalez@suse.com - Security update to version 7.0.10.15 [bsc#1070162] * CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 ------------------------------------------------------------------- Mon Aug 14 12:56:47 UTC 2017 - pmonrealgonzalez@suse.com - Version update to 7.0-10.10 [bsc#1053431] * CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101 CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087 CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115 CVE-2017-10067 CVE-2017-10125 CVE-2017-10243 CVE-2017-10109 CVE-2017-10108 CVE-2017-10053 CVE-2017-10105 CVE-2017-10081 ------------------------------------------------------------------- Mon May 15 13:36:27 UTC 2017 - tchvatal@suse.com - Version update to 7.0-10.5 bsc#1038505 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 ------------------------------------------------------------------- Mon Mar 6 11:53:51 UTC 2017 - tchvatal@suse.com - Version update to 7.0-10.1 bnc#1027038 CVE-2016-2183 ------------------------------------------------------------------- Wed Nov 16 13:25:55 UTC 2016 - tchvatal@suse.com - Version update to 7.0-9.60 bnc#1009280 CVE-2016-5568 CVE-2016-5556 CVE-2016-5573 CVE-2016-5597 CVE-2016-5554 CVE-2016-5542 ------------------------------------------------------------------- Fri Aug 12 12:05:40 UTC 2016 - pjanouch@suse.de - Version update to 7.0-9.50 (bsc#992537): CVE-2016-3485 CVE-2016-3511 CVE-2016-3511 CVE-2016-3598 ------------------------------------------------------------------- Tue May 10 16:41:22 UTC 2016 - abergmann@suse.com - The following CVEs got also fix with the IBM Java 1.7.0 SR9 FP40 release (bsc#979252): CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426 ------------------------------------------------------------------- Fri Apr 29 12:59:01 UTC 2016 - pjanouch@suse.de - IBM Java 1.7.0 SR9 FP40 released (bnc#977646 bnc#977648 bnc#977650) CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 ------------------------------------------------------------------- Fri Jan 29 09:52:21 UTC 2016 - tchvatal@suse.com - Version update to 7.0-9.30 bnc#963937: CVE-2015-8540 CVE-2015-7981 CVE-2015-5041 CVE-2016-0494 CVE-2016-0483 CVE-2015-8126 CVE-2015-8472 CVE-2016-0466 CVE-2016-0402 CVE-2015-7575 CVE-2016-0448 ------------------------------------------------------------------- Thu Jan 7 13:23:17 UTC 2016 - tchvatal@suse.com - Move %_jvmdir/%sdklnk from main to develpkg for sle10 to avoid hickups - Move %_jvmjardir/%sdkcompatdir from develprj to main for the same ------------------------------------------------------------------- Fri Jan 1 13:15:09 UTC 2016 - tchvatal@suse.com - Move the pre phase to the baselibs.conf too bnc#960402 ------------------------------------------------------------------- Mon Nov 23 10:39:37 UTC 2015 - tchvatal@suse.com - Version update to 7.0-9.20 bnc#955131, bsc#929900: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 ------------------------------------------------------------------- Wed Aug 5 12:03:22 UTC 2015 - tchvatal@suse.com - Add backcompat symlinks for sdkdir - Fix bnc#941939 to provide %{name} instead of %{sdklnk} only in _jvmprivdir ------------------------------------------------------------------- Wed Jul 22 08:59:16 UTC 2015 - tchvatal@suse.com - Version update to 7.0-9.10 bnc#938895, bsc#966304: CVE-2015-1931 CVE-2015-2638 CVE-2015-4733 CVE-2015-4732 CVE-2015-2590 CVE-2015-4731 CVE-2015-4760 CVE-2015-4748 CVE-2015-2664 CVE-2015-2632 CVE-2015-2637 CVE-2015-2619 CVE-2015-2621 CVE-2015-2613 CVE-2015-2601 CVE-2015-4749 CVE-2015-4000 CVE-2015-4729 CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204 ------------------------------------------------------------------- Thu Jul 2 12:24:33 UTC 2015 - tchvatal@suse.com - Version update to 7.0-9.1 bnc#935540 for the logjam attack ------------------------------------------------------------------- Mon Jun 15 13:02:08 UTC 2015 - tchvatal@suse.com - Sync spec and baselibs.conf - Remove obsolete parts of update-alternatives from baselibs.conf - convert the baselibs to unix encoding - Do not bother with non-etc-marked-as-conf - Move plugin desktop/icon to proper subpackage - Fix fdupes usage and javapackages-tools vs jpackage-utils dependencies - Drop creation of 0 size xlfd support files as they are never regenerated anyway - Cleanup with spec-cleaner ------------------------------------------------------------------- Tue Jun 2 14:50:24 UTC 2015 - tchvatal@suse.com - Version bum to 7.0-9.0 bnc#930365 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 ------------------------------------------------------------------- Tue Jun 2 14:33:57 UTC 2015 - tchvatal@suse.com - Fix removeing links before update-alternatives run. bnc#931702 ------------------------------------------------------------------- Tue Jun 2 12:50:13 UTC 2015 - tchvatal@suse.com - Fix bnc#912434, javaws/plugin stuff should slave plugin update-alternatives ------------------------------------------------------------------- Tue Jun 2 11:50:04 UTC 2015 - tchvatal@suse.com - Fix bnc#912447, use system cacerts ------------------------------------------------------------------- Mon Jun 1 11:14:56 UTC 2015 - tchvatal@suse.com - Add condition for fdupes to build on SLE10 ------------------------------------------------------------------- Mon Feb 9 14:44:37 UTC 2015 - tchvatal@suse.com - Update to 7.0-8.10 for sec issues bnc#916266 and bnc#916265 CVE-2014-8892 CVE-2014-8891 ------------------------------------------------------------------- Tue Nov 18 13:12:56 UTC 2014 - tchvatal@suse.com - bnc#904889 java 1.7.0_sr7.2 released - CVE-2014-3065: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (bnc#) - CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. (bnc#901223 901254 901277 901748 901757 901759 901889 901968 902229 902476 902912 903684 903690 903692) - CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. (bnc#901239 901242 901246) - CVE-2014-6456: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (bnc#901239 901242 901246) - CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. (bnc#901239 901242 901246) - CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. (bnc#901239 901242 901246) - CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. (bnc#901239 901242 901246) - CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. (bnc#901239 901242 901246) - CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6476: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. (bnc#901239 901242 901246) - CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. (bnc#901239 901242 901246) - CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. (bnc#901239 901242 901246) - CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. (bnc#901239 901242 901246) - CVE-2014-6527: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. (bnc#901239 901242 901246) - CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. (bnc#901239 901242 901246) - CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. (bnc#901239 901242 901246) ------------------------------------------------------------------- Wed Sep 3 01:41:37 CEST 2014 - ro@suse.de - sanitize release line in specfile ------------------------------------------------------------------- Thu Aug 7 07:55:51 UTC 2014 - tchvatal@suse.com - Version bump to 7.0-7.1 release wrt bnc#891701 * CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 * CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 * CVE-2014-4266 CVE-2014-4265 CVE-2014-4221 CVE-2014-4263 * CVE-2014-4244 CVE-2014-4208 - bnc#890434 IBM Java 7 Release 0 SR7-FP1 - Rename SuSE to SUSE. bnc#889006 ------------------------------------------------------------------- Wed May 14 15:03:34 UTC 2014 - tchvatal@suse.com - Version update to Java 7 SR7 wrt bnc#877429 * CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 * CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 * CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 * CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 * CVE-2014-2402 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 * CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 * CVE-2014-2428 CVE-2014-0455 CVE-2014-0428 CVE-2014-0453 * CVE-2014-0454 CVE-2014-0878 ------------------------------------------------------------------- Mon Mar 3 17:07:40 UTC 2014 - fridrich.strba@suse.com - Fix build on i586 and s390 * Remove bogus dependency on libstdc++33 ------------------------------------------------------------------- Mon Mar 3 09:10:00 UTC 2014 - fridrich.strba@suse.com - Build fix in java-1_7_0-ibm-rpmlintrc * Filter out the "invalid license" errors to make build succeed. * Filter out the "files-duplicated-waste" since it is supposingly not safe to do %fdupes in this kind of packages ------------------------------------------------------------------- Tue Feb 4 13:26:30 UTC 2014 - mvyskocil@suse.com - fix bnc#862064: VUL-0 java-1_7_0-ibm SR6-FP1 update * CVE-2014-0428, CVE-2014-0422, CVE-2013-5907, CVE-2014-0415, * CVE-2014-0410, CVE-2013-5889, CVE-2014-0417, CVE-2014-0387, * CVE-2014-0424, CVE-2013-5878, CVE-2014-0373, CVE-2014-0375, * CVE-2014-0403, CVE-2014-0423, CVE-2014-0376, CVE-2013-5910, * CVE-2013-5884, CVE-2013-5896, CVE-2014-0376, CVE-2013-5899, * CVE-2014-0416, CVE-2013-5887, CVE-2014-0368, CVE-2013-5888, * CVE-2013-5898, CVE-2014-0411 ------------------------------------------------------------------- Tue Nov 19 08:12:39 UTC 2013 - mvyskocil@suse.com - update qa_filelists.tar.bz2 ------------------------------------------------------------------- Thu Nov 14 12:27:10 CET 2013 - ro@suse.de - fix build with rpm on factory (does not allow to specify a symlink as %dir) ------------------------------------------------------------------- Thu Nov 7 08:12:39 UTC 2013 - mvyskocil@suse.com - fix bnc#849212: java-1_7_0-ibm SR6 update * CVE-2013-5458, CVE-2013-5456, CVE-2013-5457, CVE-2013-4041, * CVE-2013-5375, CVE-2013-5372, CVE-2013-5843, CVE-2013-5789, * CVE-2013-5830, CVE-2013-5829, CVE-2013-5787, CVE-2013-5788, * CVE-2013-5824, CVE-2013-5842, CVE-2013-5782, CVE-2013-5817, * CVE-2013-5809, CVE-2013-5814, CVE-2013-5832, CVE-2013-5850, * CVE-2013-5838, CVE-2013-5802, CVE-2013-5812, CVE-2013-5804, * CVE-2013-5783, CVE-2013-3829, CVE-2013-5823, CVE-2013-5831, * CVE-2013-5820, CVE-2013-5819, CVE-2013-5818, CVE-2013-5848, * CVE-2013-5776, CVE-2013-5774, CVE-2013-5825, CVE-2013-5840, * CVE-2013-5801, CVE-2013-5778, CVE-2013-5851, CVE-2013-5800, * CVE-2013-5784, CVE-2013-5849, CVE-2013-5790, CVE-2013-5780, * CVE-2013-5797, CVE-2013-5803, CVE-2013-5772 - drop tzmappings-busingen.patch, fixed upstream ------------------------------------------------------------------- Tue Jul 23 12:02:26 UTC 2013 - mvyskocil@suse.com - add Europe/Busingen to tzmappings (bnc#817062) * tzmappings-busingen.patch - mark files in jre/bin and bin/ as executable (bnc#823034) ------------------------------------------------------------------- Thu Jul 18 07:46:11 UTC 2013 - mvyskocil@suse.com - fix bnc#829212: java-1_7_0-ibm SR5 update * CVE-2013-3006,CVE-2013-3007,CVE-2013-3008,CVE-2013-3009 * CVE-2013-3010,CVE-2013-3011,CVE-2013-3012,CVE-2013-4002 * CVE-2013-2468,CVE-2013-2469,CVE-2013-2465,CVE-2013-2464 * CVE-2013-2463,CVE-2013-2473,CVE-2013-2472,CVE-2013-2471 * CVE-2013-2470,CVE-2013-2459,CVE-2013-2466,CVE-2013-2462 * CVE-2013-2460,CVE-2013-3743,CVE-2013-2448,CVE-2013-2442 * CVE-2013-2407,CVE-2013-2454,CVE-2013-2458,CVE-2013-3744 * CVE-2013-2400,CVE-2013-2456,CVE-2013-2453,CVE-2013-2457 * CVE-2013-2455,CVE-2013-2412,CVE-2013-2443,CVE-2013-2447 * CVE-2013-2437,CVE-2013-2444,CVE-2013-2452,CVE-2013-2446 * CVE-2013-2450,CVE-2013-1571,CVE-2013-2449,CVE-2013-2451 * CVE-2013-1500 ------------------------------------------------------------------- Fri May 17 08:56:18 UTC 2013 - mvyskocil@suse.com - fix bnc#819288: java-1_7_0-ibm SR4-FP2 update * CVE-2013-2422, CVE-2013-1491, CVE-2013-2435, CVE-2013-2420, * CVE-2013-2432, CVE-2013-2434, CVE-2013-1569, CVE-2013-2384, * CVE-2013-2383, CVE-2013-1557, CVE-2013-1537, CVE-2013-1558, * CVE-2013-2440, CVE-2013-1488, CVE-2013-2426, CVE-2013-2436, * CVE-2013-2429, CVE-2013-2430, CVE-2013-1563, CVE-2013-2394, * CVE-2013-0401, CVE-2013-2438, CVE-2013-2424, CVE-2013-2419, * CVE-2013-2417, CVE-2013-2418, CVE-2013-1540, CVE-2013-2423, * CVE-2013-2433, CVE-2013-2416, CVE-2013-2415 - fix bnc#592934: add jexec and jextract to alternative list - fix bnc#819285: description and summary should mention Java 7 ------------------------------------------------------------------- Thu Apr 11 10:27:52 UTC 2013 - mvyskocil@suse.com - fix bnc#813939: java-1_7_0-ibm SR4-FP1 update * CVE-2013-0485, CVE-2013-0809, CVE-2013-1493, CVE-2013-0169 ------------------------------------------------------------------- Mon Mar 4 11:45:13 UTC 2013 - mvyskocil@suse.com - fix bnc#798535: java-1_7_0-ibm SR4 update * CVE-2013-1487, CVE-2013-1486, CVE-2013-1478, CVE-2013-0445 * CVE-2013-1480, CVE-2013-0441, CVE-2013-1476, CVE-2012-1541 * CVE-2013-0446, CVE-2012-3342, CVE-2013-0442, CVE-2013-0450 * CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2012-3213 * CVE-2013-0419, CVE-2013-0423, CVE-2013-0351, CVE-2013-0432 * CVE-2013-1473, CVE-2013-0435, CVE-2013-0434, CVE-2013-0409 * CVE-2013-0427, CVE-2013-0433, CVE-2013-0424, CVE-2013-0440 * CVE-2013-0438, CVE-2013-0443, CVE-2013-1484, CVE-2013-1485 * CVE-2013-0437, CVE-2013-0444, CVE-2013-0449, CVE-2013-0431 * CVE-2013-0422, CVE-2012-3174 ------------------------------------------------------------------- Mon Nov 12 14:54:31 UTC 2012 - mvyskocil@suse.com - fix bnc#788750: java-1_7_0-ibm SR3 update * CVE-2012-3159,CVE-2012-3216,CVE-2012-5070,CVE-2012-5067,CVE-2012-3143 * CVE-2012-5076,CVE-2012-5077,CVE-2012-5073,CVE-2012-5074,CVE-2012-5075 * CVE-2012-5083,CVE-2012-5083,CVE-2012-5072,CVE-2012-1531,CVE-2012-5081 * CVE-2012-1532,CVE-2012-1533,CVE-2012-5069,CVE-2012-5071,CVE-2012-5084 * CVE-2012-5087,CVE-2012-5086,CVE-2012-5079,CVE-2012-5088,CVE-2012-5089 ------------------------------------------------------------------- Wed Sep 19 09:11:07 UTC 2012 - mvyskocil@suse.com - fix bnc#780897: java-1_7_0-ibm SR2 update CVE-2012-4681,CVE-2012-1682,CVE-2012-3136,CVE-2012-0547 CVE-2012-0551,CVE-2012-1717,CVE-2012-1716,CVE-2012-1713 CVE-2012-1719,CVE-2012-1718,CVE-2012-1722,CVE-2012-1721 CVE-2012-1725,CVE-2012-1726 ------------------------------------------------------------------- Wed Jul 11 12:36:01 UTC 2012 - mvyskocil@suse.cz - packaged IBM Java 7 1.0 (FATE#311688)