-------------------------------------------------------------------
Mon Feb 9 13:20:40 UTC 2015 - tchvatal@suse.com

- Update to 6.0-16.3 for sec issues bnc#916266 and bnc#916265
  CVE-2014-8892 CVE-2014-8891

-------------------------------------------------------------------
Tue Nov 18 13:45:39 UTC 2014 - tchvatal@suse.com

- bnc#904889 java 1.6.0_sr16.2 released
- CVE-2014-3065: ** RESERVED ** This candidate has been reserved by an
  organization or individual that will use it when announcing a new
  security problem. When the candidate has been publicized, the
  details for this candidate will be provided. (bnc#)
- CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through
  1.0.1i and other products, uses nondeterministic CBC padding, which
  makes it easier for man-in-the-middle attackers to obtain cleartext
  data via a padding-oracle attack, aka the "POODLE" issue.
  (bnc#901223 901254 901277 901748 901757 901759 901889 901968 902229
  902476 902912 903684 903690 903692)
- CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81,
  7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers
  to affect confidentiality, integrity, and availability via vectors
  related to AWT. (bnc#901239 901242 901246)
- CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81,
  7u67, and 8u20 allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to
  Deployment, a different vulnerability than CVE-2014-4288,
  CVE-2014-6493, and CVE-2014-6532. (bnc#901239 901242 901246)
- CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81,
  7u67, and 8u20 allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to
  Deployment, a different vulnerability than CVE-2014-4288,
  CVE-2014-6493, and CVE-2014-6503.
  (bnc#901239 901242 901246)
- CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81,
  7u67, and 8u20 allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to
  Deployment, a different vulnerability than CVE-2014-6493,
  CVE-2014-6503, and CVE-2014-6532. (bnc#901239 901242 901246)
- CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81,
  7u67, and 8u20 allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to
  Deployment, a different vulnerability than CVE-2014-4288,
  CVE-2014-6503, and CVE-2014-6532. (bnc#901239 901242 901246)
- CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81,
  7u67, and 8u20, when running on Firefox, allows remote attackers to
  affect confidentiality, integrity, and availability via unknown
  vectors related to Deployment. (bnc#901239 901242 901246)
- CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81,
  7u67, and 8u20 allows local users to affect confidentiality,
  integrity, and availability via unknown vectors related to
  Deployment. (bnc#901239 901242 901246)
- CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81,
  7u67, and 8u20, when running on Internet Explorer, allows local
  users to affect confidentiality, integrity, and availability via
  unknown vectors related to Deployment. (bnc#901239 901242 901246)
- CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71,
  6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
  attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Libraries. (bnc#901239 901242 901246)
- CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81,
  7u67, and 8u20 allows remote attackers to affect integrity via
  unknown vectors related to Deployment.
  (bnc#901239 901242 901246)
- CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71,
  6u81, 7u67, and 8u20 allows remote attackers to affect
  confidentiality via unknown vectors related to 2D.
  (bnc#901239 901242 901246)
- CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71,
  6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
  attackers to affect confidentiality via unknown vectors related to
  Libraries. (bnc#901239 901242 901246)
- CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71,
  6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
  R28.3.3 allows remote attackers to affect integrity via unknown
  vectors related to Libraries. (bnc#901239 901242 901246)
- CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71,
  6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3,
  and R28.3.3 allows remote attackers to affect confidentiality and
  integrity via vectors related to JSSE. (bnc#901239 901242 901246)
- CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71,
  6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
  attackers to affect integrity via unknown vectors related to
  Libraries. (bnc#901239 901242 901246)
- CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71,
  6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and
  JRockit R28.3.3 allows remote attackers to affect integrity via
  unknown vectors related to Security. (bnc#901239 901242 901246)

-------------------------------------------------------------------
Wed Sep 3 01:41:37 CEST 2014 - ro@suse.de

- sanitize release line in specfile

-------------------------------------------------------------------
Thu Aug 7 07:09:04 UTC 2014 - tchvatal@suse.com

- Provide jexec and jextract. bnc#592934

-------------------------------------------------------------------
Wed Aug 6 12:01:47 UTC 2014 - tchvatal@suse.com

- bnc#890435: IBM Java 6 SR16-FP1 released.

-------------------------------------------------------------------
Wed Aug 6 12:01:09 UTC 2014 - tchvatal@suse.com

- Rename SuSE to SUSE. bnc#889006

-------------------------------------------------------------------
Wed May 14 11:40:06 UTC 2014 - tchvatal@suse.com

- Update to Java 6 SR16 fixing bnc#877430 and bnc#869956:
  * CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446
  * CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0457
  * CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461
  * CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2409
  * CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421
  * CVE-2014-2423 CVE-2014-2427 CVE-2014-2428 CVE-2014-0428
  * CVE-2014-0453 CVE-2014-0878

-------------------------------------------------------------------
Fri Apr 25 11:21:19 UTC 2014 - tchvatal@suse.com

- Reduce the archs to the only working+supported ones:
  %ix86 s390x x86_64

-------------------------------------------------------------------
Thu Apr 24 13:28:11 UTC 2014 - tchvatal@suse.com

- ix86 does not seem to require libstdc++-33
- s390 seems to require libstdc++-5

-------------------------------------------------------------------
Thu Apr 24 11:35:49 UTC 2014 - tchvatal@suse.com

- fix bnc#862064 - VUL-0: java-1_6_0-ibm SR15-FP1 update
  * CVE-2014-0428, CVE-2014-0422, CVE-2013-5907, CVE-2014-0415,
  * CVE-2014-0410, CVE-2013-5889, CVE-2014-0417, CVE-2014-0387,
  * CVE-2014-0424, CVE-2013-5878, CVE-2014-0373, CVE-2014-0375,
  * CVE-2014-0403, CVE-2014-0423, CVE-2014-0376, CVE-2013-5910,
  * CVE-2013-5884, CVE-2013-5896, CVE-2014-0376, CVE-2013-5899,
  * CVE-2014-0416, CVE-2013-5887, CVE-2014-0368, CVE-2013-5888,
  * CVE-2013-5898, CVE-2014-0411

-------------------------------------------------------------------
Wed Jan 22 14:23:39 UTC 2014 - mvyskocil@suse.com

- License changed to SUSE-NonFree as suggested by legal team

-------------------------------------------------------------------
Thu Nov 7 08:28:46 UTC 2013 - mvyskocil@suse.com

- fix bnc#849212: java-1_6_0-ibm
  SR15 update
  * CVE-2013-5457, CVE-2013-4041, CVE-2013-5375, CVE-2013-5372,
  * CVE-2013-5843, CVE-2013-5789, CVE-2013-5830, CVE-2013-5829,
  * CVE-2013-5787, CVE-2013-5824, CVE-2013-5842, CVE-2013-5782,
  * CVE-2013-5817, CVE-2013-5809, CVE-2013-5814, CVE-2013-5832,
  * CVE-2013-5850, CVE-2013-5802, CVE-2013-5812, CVE-2013-5804,
  * CVE-2013-5783, CVE-2013-3829, CVE-2013-5823, CVE-2013-5831,
  * CVE-2013-5820, CVE-2013-4002, CVE-2013-5819, CVE-2013-5818,
  * CVE-2013-5848, CVE-2013-5776, CVE-2013-5774, CVE-2013-5825,
  * CVE-2013-5840, CVE-2013-5801, CVE-2013-5778, CVE-2013-5784,
  * CVE-2013-5849, CVE-2013-5780, CVE-2013-5797, CVE-2013-5803,
  * CVE-2013-5772
- drop tzmappings-busingen.patch, fixed upstream

-------------------------------------------------------------------
Tue Jul 23 11:40:01 UTC 2013 - mvyskocil@suse.com

- add Europe/Busingen to tzmappings (bnc#817062)
  * tzmappings-busingen.patch
- mark files in jre/bin and bin/ as executable (bnc#823034)

-------------------------------------------------------------------
Fri Jul 19 14:02:53 UTC 2013 - mvyskocil@suse.com

- fix bnc#829212: java-1_6_0-ibm SR14 update
  * CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-4002
  * CVE-2013-2468,CVE-2013-2469,CVE-2013-2465,CVE-2013-2464
  * CVE-2013-2463,CVE-2013-2473,CVE-2013-2472,CVE-2013-2471
  * CVE-2013-2470,CVE-2013-2459,CVE-2013-2466,CVE-2013-3743
  * CVE-2013-2448,CVE-2013-2442,CVE-2013-2407,CVE-2013-2454
  * CVE-2013-2456,CVE-2013-2453,CVE-2013-2457,CVE-2013-2455
  * CVE-2013-2412,CVE-2013-2443,CVE-2013-2447,CVE-2013-2437
  * CVE-2013-2444,CVE-2013-2452,CVE-2013-2446,CVE-2013-2450
  * CVE-2013-1571,CVE-2013-2451,CVE-2013-1500

-------------------------------------------------------------------
Fri May 17 08:26:28 UTC 2013 - mvyskocil@suse.com

- add jexec to alternative list bnc#592934
- drop some pointless executable bits

-------------------------------------------------------------------
Wed May 15 11:49:47 UTC 2013 - mvyskocil@suse.com

- fix bnc#819288: java-1_6_0-ibm SR13-FP2 update
  * CVE-2013-2422, CVE-2013-1491, CVE-2013-2435, CVE-2013-2420,
  * CVE-2013-2432, CVE-2013-1569, CVE-2013-2384, CVE-2013-2383,
  * CVE-2013-1557, CVE-2013-1537, CVE-2013-2440, CVE-2013-2429,
  * CVE-2013-2430, CVE-2013-1563, CVE-2013-2394, CVE-2013-0401,
  * CVE-2013-2424, CVE-2013-2419, CVE-2013-2417, CVE-2013-2418,
  * CVE-2013-1540, CVE-2013-2433

-------------------------------------------------------------------
Thu Apr 11 10:49:37 UTC 2013 - mvyskocil@suse.com

- fix bnc#813939: java-1_6_0-ibm SR13-FP1 update
  * CVE-2013-0485, CVE-2013-0809, CVE-2013-1493, CVE-2013-0169

-------------------------------------------------------------------
Mon Mar 11 12:25:57 UTC 2013 - mvyskocil@suse.com

- properly quote conditions in %postin (bnc#808625) (patch by kwg)

-------------------------------------------------------------------
Mon Mar 4 12:12:58 UTC 2013 - mvyskocil@suse.com

- fix bnc#798535: java-1_6_0-ibm SR13 update
  * CVE-2013-1487, CVE-2013-1486, CVE-2013-1478, CVE-2013-0445
  * CVE-2013-1480, CVE-2013-0441, CVE-2013-1476, CVE-2012-1541
  * CVE-2013-0446, CVE-2012-3342, CVE-2013-0442, CVE-2013-0450
  * CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2012-3213
  * CVE-2013-1481, CVE-2013-0419, CVE-2013-0423, CVE-2013-0351
  * CVE-2013-0432, CVE-2013-1473, CVE-2013-0435, CVE-2013-0434
  * CVE-2013-0409, CVE-2013-0427, CVE-2013-0433, CVE-2013-0424
  * CVE-2013-0440, CVE-2013-0438, CVE-2013-0443

-------------------------------------------------------------------
Fri Nov 23 08:33:00 UTC 2012 - mvyskocil@suse.com

- fix bnc#785631 - javaws missing in /usr/bin/
  * workaround: check and restore javaws symlink if it does not exist
    after update-alternatives --install call

-------------------------------------------------------------------
Mon Nov 12 12:58:01 UTC 2012 - mvyskocil@suse.com

- fix bnc#788750: java-1_6_0-ibm SR12 update
  * CVE-2012-3159,CVE-2012-3216,CVE-2012-5068,CVE-2012-3143,CVE-2012-5073
  * CVE-2012-5075,CVE-2012-5083,CVE-2012-5083,CVE-2012-5072,CVE-2012-1531
  * CVE-2012-5081,CVE-2012-1532,CVE-2012-1533,CVE-2012-5069,CVE-2012-5071
  * CVE-2012-5084,CVE-2012-5079,CVE-2012-5089

-------------------------------------------------------------------
Fri Sep 7 12:34:51 UTC 2012 - mvyskocil@suse.cz

- fix bnc#778629: java-1_6_0-ibm SR11 update
  * CVE-2012-0551,CVE-2012-1717,CVE-2012-1716,CVE-2012-1713,CVE-2012-1719
  * CVE-2012-1718,CVE-2012-1722,CVE-2012-1721,CVE-2012-1725
- fix bnc#771808: create symlink /usr/bin/javaws properly
- fix bnc#666744: mark all configuration files as %config(noreplace)
- fix bnc#773021: add code removing fonts symlink to baselibs.conf

-------------------------------------------------------------------
Mon Apr 23 13:44:41 UTC 2012 - mvyskocil@suse.cz

- fix bnc#758470: java-1_6_0-ibm SR10-FP1 update
- fix bnc#752306: fileconflict between main and plugin package
  * sunw_java_plugin.mo now belongs to plugin package only
- fix bnc#683754: broken symlink when updating ibm java
  * remove the fontdir if it's a symlink

-------------------------------------------------------------------
Thu Jan 12 07:47:18 UTC 2012 - mvyskocil@suse.cz

- fix bnc#739248 - VUL-0: IBM Java 1.6.0 SR10 released

-------------------------------------------------------------------
Mon Jan 2 10:25:17 UTC 2012 - mvyskocil@suse.cz

- fix bnc#735637 VUL-0: java-1_6_0-ibm SR9-SP3 (iFix) update

-------------------------------------------------------------------
Fri Dec 9 09:52:34 UTC 2011 - mvyskocil@suse.cz

- fix 735637 - VUL-0: java-1_6_0-ibm SR9-SP3 update

-------------------------------------------------------------------
Wed Jul 13 13:12:41 UTC 2011 - mvyskocil@suse.cz

- fix bnc#705423 - VUL-0: IBM Java 1.6.0 SR9 FP2 update

-------------------------------------------------------------------
Mon Mar 7 12:23:02 UTC 2011 - mvyskocil@suse.cz

- fix bnc#673798 - IBM Java 6 SR9-FP1 update

-------------------------------------------------------------------
Wed Feb 23 09:29:22 UTC 2011 - mvyskocil@suse.cz

- fix bnc#673738: VUL-0: java-*-ibm: denial of
  service by converting float CVE-2010-4476
- don't repack tarball to bz2
- return fonts back to main package
- add jdbc package to baselibs.conf (-32bit packages)

-------------------------------------------------------------------
Fri Dec 17 13:50:42 UTC 2010 - mvyskocil@suse.cz

- fix bnc#659926 - VUL-0: IBM Java 6 SR9 released
  * CVE-2010-3553
  * CVE-2009-3555
  * CVE-2010-3562
  * CVE-2010-3557
  * CVE-2010-3558
  * CVE-2010-3563
  * CVE-2010-0771
  * CVE-2010-3550
  * CVE-2010-3549
  * CVE-2010-3551
  * CVE-2010-3555
  * CVE-2010-3556
  * CVE-2010-3559
  * CVE-2010-3548
  * CVE-2010-1321
  * CVE-2010-3565
  * CVE-2010-3567
  * CVE-2010-3566
  * CVE-2010-3568
  * CVE-2010-3541
  * CVE-2010-3569
  * CVE-2010-3571
  * CVE-2010-3572
  * CVE-2010-3560
  * CVE-2010-3573
  * CVE-2010-3574

-------------------------------------------------------------------
Tue Nov 16 10:57:08 UTC 2010 - mvyskocil@suse.cz

- sync priority between spec and baselibs.conf
- 32bit plugin package for x86_64
- fix bnc#649241: IBM Java plugin is wrongly packaged
  * make libnpjp2.so as a default plugin
  * create plugin subpackage for x86_64 too
- avoid duplicates and empty lines in /etc/{mailcap,mime.types}

-------------------------------------------------------------------
Thu Jul 22 11:04:41 UTC 2010 - mvyskocil@suse.cz

- fix bnc#624224 - VUL-0: Java 6 SR8 FP1 for SLES11 SP1
- do not touch scripts in bin and jre/bin (comment#8)

-------------------------------------------------------------------
Mon May 10 08:42:41 UTC 2010 - mvyskocil@suse.cz

- fix bnc#603283 - VUL-1: java-1_6_0-ibm: IBM Java 1.6.0 SR8
  to stop bypassing filters by using UTF-8 encoding
  * CVE-2008-5351
- remove xdelta binaries

-------------------------------------------------------------------
Mon Mar 1 10:18:31 UTC 2010 - mvyskocil@suse.cz

- fix [bnc#578134] - The IBM java6 is not recognizing the time zone
  information

-------------------------------------------------------------------
Tue Dec 22 13:49:12 UTC 2009 - mvyskocil@suse.cz

- fixed bnc#561859 - VUL-0: IBM Java 6 SR7

-------------------------------------------------------------------
Mon Dec 7 11:08:40 UTC 2009 - mvyskocil@suse.cz

- timezone 1.6.9s update (bnc#558342)
- removed wrapper scripts in %%prep

-------------------------------------------------------------------
Wed Oct 21 12:49:40 UTC 2009 - mvyskocil@suse.cz

- Fixed bnc#548655: VUL-0: Update java-1_6_0-ibm to SR6
- Prevents bnc#538528 by disabling debug* packages
- Improved versioning - it now contains a _srX suffix, with a number
  of current Service Refresh from IBM

-------------------------------------------------------------------
Mon Jun 29 10:46:47 CEST 2009 - mvyskocil@suse.cz

- fixed bnc#516361: VUL-0: IBM Java 6 SR5
  updated to SR5
- fixed bnc#494536: Updating Java overwrites custom certs
  Mark the following files as %config(noreplace):
  * jre/lib/security/cacerts
  * jre/lib/security/java.policy
  * jre/lib/security/java.security
  * jre/lib/security/javaws.security (on x86, ppc and ppc64)
  * /usr/lib/jvm-private/java-1_6_0-sun/jce/vanilla/local_policy.jar
  * /usr/lib/jvm-private/java-1_6_0-sun/jce/vanilla/US_export_policy.jar
  (don't remove the policy files in jre/lib/security - they're just
  symlinks)

-------------------------------------------------------------------
Thu Apr 2 14:52:03 CEST 2009 - mvyskocil@suse.cz

- fixed [bnc#489052]: IBM Java 1.4.2 SR13 / IBM Java 1.6.0 SR4
  updated to SR4
- removed the ifix
- used tzupdate macro to turn on/off the tzupdate like in Java Sun
  specs
- don't use xdelta for rpath fix (but still sourced due to a strange
  error of rpmbuild)

-------------------------------------------------------------------
Fri Feb 20 08:23:47 CET 2009 - mvyskocil@suse.cz

- fixed bnc#475621: Update of java-1_6_0-ibm required to meet sun java
  compliance
- replaced an original archive by px{a,p,z} files provided by IBM on
  x86_64, ppc64 and s390x architectures

-------------------------------------------------------------------
Tue Feb 3 15:55:22 CET 2009 - mvyskocil@suse.cz

- baselibs.conf: use java-1_6_0 where
  necessary bnc#468886 (just for sure)

-------------------------------------------------------------------
Mon Jan 26 14:33:15 CET 2009 - ro@suse.de

- baselibs.conf: replace by 1.6.0 where needed

-------------------------------------------------------------------
Sat Jan 24 11:14:38 CET 2009 - schwab@suse.de

- Remove redundant require on libstdc++33.

-------------------------------------------------------------------
Fri Jan 16 13:38:15 CET 2009 - mvyskocil@suse.cz

- use a %%{javaver} in a top dir (bnc#466078)
- marked jtzu as NoSource

-------------------------------------------------------------------
Wed Jan 7 11:53:59 CET 2009 - mvyskocil@suse.cz

- fixed bnc#459800: Mismatch in the width and height of JList
- added a java-font package to Requires
- remove a backup dir after timezone update
- disable a stripping
- do not index jars (may cause a lot of errors)
- use fdupes only on JRE and SDK/demo, the links from JRE to JDK will
  break the installation

-------------------------------------------------------------------
Tue Jan 6 11:39:56 CET 2009 - mvyskocil@suse.cz

- use the jtzu tool from http://www.ibm.com/ webpage (has a different
  checksum)

-------------------------------------------------------------------
Thu Dec 18 15:34:16 CET 2008 - mvyskocil@suse.cz

- update to SR3 - bnc#459763
- include a fixed jtzu-1.6.8i.zip from bnc#456140

-------------------------------------------------------------------
Thu Dec 11 17:02:22 CET 2008 - ro@suse.de

- update baselibs.conf (require alsa subpackage only on x86)
  (bnc#457737)

-------------------------------------------------------------------
Thu Nov 27 14:44:40 CET 2008 - ro@suse.de

- another fix for baselibs.conf (.
  vs _) (bnc#449438)

-------------------------------------------------------------------
Fri Oct 24 16:26:03 CEST 2008 - ro@suse.de

- fix baselibs.conf

-------------------------------------------------------------------
Fri Oct 24 14:35:12 CEST 2008 - kukuk@suse.de

- Replace compat-libstdc++ with libstdc++33

-------------------------------------------------------------------
Tue Oct 14 15:35:12 CEST 2008 - mvyskocil@suse.cz

- prevent of bnc#432772: /usr/bin/java is not executable
- use a `install -m 0755' instead of `cp' for wrapper-script
  installation

-------------------------------------------------------------------
Wed Oct 8 11:16:28 CEST 2008 - mvyskocil@suse.cz

- fix of bnc#430026: Java plug-in for Firefox does not show up in
  plug-ins
- install a jre/plugin dir and changed the pluginpath and a pluginname
- fix of some rpmlint errors and warnings:
- use dos2unix on documentation
- fix duplicates in documentation
- remove all Windows executables from installation
- disabled a RPATH test, because it fails on some architectures
- added samples dir to demo package (if exists)

-------------------------------------------------------------------
Fri Sep 19 11:41:18 CEST 2008 - anosek@suse.cz

- updated to 1.6.0 sr2 (bnc#427342) (fate#305090)
- updated timezone data to version 1.6.8f
- fixed Missing .systemPrefs (bnc#394974)

-------------------------------------------------------------------
Wed Aug 20 11:52:57 CEST 2008 - schwab@suse.de

- Fix up rpaths.

-------------------------------------------------------------------
Mon Jul 14 23:48:50 CEST 2008 - schwab@suse.de

- Add unzip to BuildRequires.

-------------------------------------------------------------------
Tue Jul 1 13:59:46 CEST 2008 - anosek@suse.cz

- updated to 1.6.0 sr1 (bnc#404983)
- updated timezone data (bnc#397378)

-------------------------------------------------------------------
Tue Apr 15 16:39:08 CEST 2008 - mvyskocil@suse.cz

- update to 1.6.0 GA: VUL-0: IBM Java: multiple vulnerabilities
  [bnc#379038]
- CVE-2008-1196: A buffer overflow vulnerability in Java Web Start may
  allow an untrusted Java Web Start application that is downloaded
  from a website to elevate its privileges. For example, an untrusted
  Java Web Start application may grant itself permissions to read and
  write local files or execute local applications that are accessible
  to the user running the untrusted application.
- CVE-2008-1195: A vulnerability in the Java Runtime Environment may
  allow JavaScript(TM) code that is downloaded by a browser to make
  connections to network services on the system that the browser runs
  on, through Java APIs. This may allow files (that are accessible
  through these network services) or vulnerabilities (that exist on
  these network services) which are not otherwise normally accessible
  to be accessed or exploited.
- CVE-2008-1194: Two buffer overflow vulnerabilities may allow an
  untrusted applet or application to cause the Java Runtime
  Environment to crash.
- CVE-2008-1194: A buffer overflow vulnerability in the Java Runtime
  Environment image parsing code may allow an untrusted applet or
  application to create a denial-of-service condition, by causing the
  Java Runtime Environment to crash.
- CVE-2008-1193: A buffer overflow vulnerability in the Java Runtime
  Environment image parsing code may allow an untrusted applet or
  application to elevate its privileges. For example, an application
  may grant itself permissions to read and write local files or
  execute local applications that are accessible to the user running
  the untrusted application.
- CVE-2008-1192: A vulnerability in the Java Plug-in may allow an
  untrusted applet to bypass same origin policy and leverage this flaw
  to execute local applications that are accessible to the user
  running the untrusted applet.
- CVE-2008-1191: A vulnerability in Java Web Start may allow an
  untrusted Java Web Start application to create files on the system
  that the untrusted application runs on and leverage these files to
  run local applications with the privileges of the user running the
  untrusted Java Web Start application.
- CVE-2008-1190: A vulnerability in Java Web Start may allow an
  untrusted Java Web Start application to elevate its privileges. For
  example, an application may grant itself permissions to read and
  write local files or execute local applications that are accessible
  to the user running the untrusted application.
- CVE-2008-1189: A buffer overflow vulnerability in the Java Runtime
  Environment may allow an untrusted applet or application to elevate
  its privileges. For example, an applet may grant itself permissions
  to read and write local files or execute local applications that are
  accessible to the user running the untrusted applet.
- CVE-2008-1188: Two buffer overflow vulnerabilities in Java Web Start
  may independently allow an untrusted Java Web Start application to
  elevate its privileges. For example, an untrusted Java Web Start
  application may grant itself permissions to read and write local
  files or execute local applications that are accessible to the user
  running the untrusted application.
- CVE-2008-1187: A vulnerability in the Java Runtime Environment with
  parsing XML data may allow an untrusted applet or application to
  elevate its privileges. For example, an applet may read certain URL
  resources (such as some files and web pages).

-------------------------------------------------------------------
Thu Feb 28 11:44:53 CET 2008 - anosek@suse.cz

- changed Requires: %{_libdir}/libodbc.so, %{_libdir}/libodbcinst.so
  to Requires: unixODBC [#326751]

-------------------------------------------------------------------
Mon Nov 26 17:51:51 CET 2007 - ro@suse.de

- fix fdupes call to avoid potential cross partition hardlink

-------------------------------------------------------------------
Thu Sep 6 10:56:33 CEST 2007 - anosek@suse.cz

- added 32-bit and 64-bit specific provides

-------------------------------------------------------------------
Thu Jul 19 20:31:27 CEST 2007 - stbinner@suse.de

- fix suse_update_desktop_file call

-------------------------------------------------------------------
Wed Jul 4 13:31:02 CEST 2007 - dbornkessel@suse.de

- replace own %fdupes implementation with the autobuild implementation
- delete predefined desktop files

-------------------------------------------------------------------
Fri May 25 17:30:08 CEST 2007 - dbornkessel@suse.de

- first version, based on java-1_5_0-ibm