------------------------------------------------------------ revno: 612 committer: Matthias Klose <d...@ubuntu.com> branch nick: openjdk7 timestamp: Wed 2017-02-08 10:31:41 +0100 message: * Remove obsolete changelog entries from previous release. modified: changelog
-- lp:~openjdk/openjdk/openjdk7 https://code.launchpad.net/~openjdk/openjdk/openjdk7 Your team Debian Java Maintainers is subscribed to branch lp:~openjdk/openjdk/openjdk7. To unsubscribe from this branch go to https://code.launchpad.net/~openjdk/openjdk/openjdk7/+edit-subscription
=== modified file 'changelog' --- changelog 2017-02-08 09:16:30 +0000 +++ changelog 2017-02-08 09:31:41 +0000 @@ -35,6 +35,10 @@ dispatch HTTP GET requests where the invoker does not have permission. - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when long running sessions are allowed. + - S8165344, CVE-2017-3272: A protected field can be leveraged into type + confusion. + - S8156802, CVE-2017-3241: RMI deserialization should limit the types + deserialized to prevent attacks that could escape the sandbox. * Ignored - S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may leak information about k.
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.