File _patchinfo of Package patchinfo.1574
<patchinfo incident="1574">
<issue id="935540" tracker="bnc">VUL-1: IBM Java: The logjam Attack</issue>
<issue id="955131" tracker="bnc">VUL-0: java: IBM java update november</issue>
<issue id="930365" tracker="bnc">VUL-0: Java SE Version 7: Multiple CVE's fixed in new IBM java release SR9</issue>
<issue id="912434" tracker="bnc">zypper in java-1_7_0-openjdk has problems with update-alternatives : ibm-java needs fixed update-alternatives</issue>
<issue id="912447" tracker="bnc">The keystore of IBM java should point to our generated keystore</issue>
<issue id="938895" tracker="bnc">VUL-0: java-1_5_0-ibm,java-1_6_0-ibm,java-1_7_0-ibm,java-1_7_1-ibm: IBM July 2015 Java update</issue>
<issue id="941939" tracker="bnc">java-1_6_0-ibm (6.0-16.7) package break JCE symbolic links on update</issue>
<issue id="931702" tracker="bnc">java-1_*_0-ibm package break JCE symbolic links on update</issue>
<issue id="891701" tracker="bnc">VUL-0: java-1_7_0-ibm SR7-FP1</issue>
<issue id="CVE-2015-4843" tracker="cve" />
<issue id="CVE-2015-4842" tracker="cve" />
<issue id="CVE-2015-4840" tracker="cve" />
<issue id="CVE-2015-4860" tracker="cve" />
<issue id="CVE-2015-5006" tracker="cve" />
<issue id="CVE-2015-4844" tracker="cve" />
<issue id="CVE-2015-4731" tracker="cve" />
<issue id="CVE-2015-4733" tracker="cve" />
<issue id="CVE-2015-4732" tracker="cve" />
<issue id="CVE-2015-4911" tracker="cve" />
<issue id="CVE-2015-4734" tracker="cve" />
<issue id="CVE-2015-0491" tracker="cve" />
<issue id="CVE-2015-4729" tracker="cve" />
<issue id="CVE-2014-4252" tracker="cve" />
<issue id="CVE-2015-4872" tracker="cve" />
<issue id="CVE-2014-4219" tracker="cve" />
<issue id="CVE-2015-2808" tracker="cve" />
<issue id="CVE-2015-4749" tracker="cve" />
<issue id="CVE-2015-2664" tracker="cve" />
<issue id="CVE-2015-2625" tracker="cve" />
<issue id="CVE-2015-2601" tracker="cve" />
<issue id="CVE-2015-2621" tracker="cve" />
<issue id="CVE-2015-4893" tracker="cve" />
<issue id="CVE-2015-2590" tracker="cve" />
<issue id="CVE-2015-4810" tracker="cve" />
<issue id="CVE-2015-0478" tracker="cve" />
<issue id="CVE-2015-0477" tracker="cve" />
<issue id="CVE-2015-0488" tracker="cve" />
<issue id="CVE-2015-0458" tracker="cve" />
<issue id="CVE-2015-0459" tracker="cve" />
<issue id="CVE-2015-4835" tracker="cve" />
<issue id="CVE-2014-4262" tracker="cve" />
<issue id="CVE-2014-4263" tracker="cve" />
<issue id="CVE-2015-4748" tracker="cve" />
<issue id="CVE-2014-4265" tracker="cve" />
<issue id="CVE-2014-4266" tracker="cve" />
<issue id="CVE-2015-4871" tracker="cve" />
<issue id="CVE-2014-4268" tracker="cve" />
<issue id="CVE-2015-4883" tracker="cve" />
<issue id="CVE-2014-4227" tracker="cve" />
<issue id="CVE-2015-4902" tracker="cve" />
<issue id="CVE-2014-4221" tracker="cve" />
<issue id="CVE-2014-4244" tracker="cve" />
<issue id="CVE-2015-4903" tracker="cve" />
<issue id="CVE-2015-4760" tracker="cve" />
<issue id="CVE-2015-0480" tracker="cve" />
<issue id="CVE-2015-4882" tracker="cve" />
<issue id="CVE-2014-4220" tracker="cve" />
<issue id="CVE-2015-0204" tracker="cve" />
<issue id="CVE-2014-4208" tracker="cve" />
<issue id="CVE-2014-4209" tracker="cve" />
<issue id="CVE-2015-0138" tracker="cve" />
<issue id="CVE-2015-2638" tracker="cve" />
<issue id="CVE-2015-4000" tracker="cve" />
<issue id="CVE-2015-2613" tracker="cve" />
<issue id="CVE-2015-2637" tracker="cve" />
<issue id="CVE-2015-2632" tracker="cve" />
<issue id="CVE-2015-2619" tracker="cve" />
<issue id="CVE-2015-4806" tracker="cve" />
<issue id="CVE-2015-4805" tracker="cve" />
<issue id="CVE-2015-0469" tracker="cve" />
<issue id="CVE-2015-1931" tracker="cve" />
<issue id="CVE-2014-4218" tracker="cve" />
<issue id="CVE-2015-1914" tracker="cve" />
<issue id="CVE-2015-4803" tracker="cve" />
<issue id="CVE-2015-0192" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>scarabeus_iv</packager>
<description>The java-1_7_0-ibm package was updated to version 7.0-9.20 to fix several security and non security issues:
- bnc#955131: Version update to 7.0-9.20:
CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810
CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844
CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883
CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006
- Add backcompat symlinks for sdkdir
- bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir
- bnc#938895: Version update to 7.0-9.10:
CVE-2015-1931 CVE-2015-2638 CVE-2015-4733 CVE-2015-4732 CVE-2015-2590
CVE-2015-4731 CVE-2015-4760 CVE-2015-4748 CVE-2015-2664 CVE-2015-2632
CVE-2015-2637 CVE-2015-2619 CVE-2015-2621 CVE-2015-2613 CVE-2015-2601
CVE-2015-4749 CVE-2015-4000 CVE-2015-4729 CVE-2015-2808 CVE-2015-2625
CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480
CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-0204
- bnc#935540: Version update to 7.0-9.1 for the logjam attack
- Sync spec and baselibs.conf
- Remove obsolete parts of update-alternatives from baselibs.conf
- convert the baselibs to unix encoding
- Do not bother with non-etc-marked-as-conf
- Move plugin desktop/icon to proper subpackage
- Fix fdupes usage and javapackages-tools vs jpackage-utils dependencies
- Drop creation of 0 size xlfd support files as they are never
regenerated anyway
- Cleanup with spec-cleaner
- bnc#930365: Version bum to 7.0-9.0:
CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138
- bnc#931702: Fix removeing links before update-alternatives run.
- bnc#912434: Fix javaws/plugin stuff should slave plugin update-alternatives
- bnc#912447: Fix use system cacerts
- Add condition for fdupes to build on SLE10
- bnc#891701: Version bump to 7.0-7.1 release wrt:
* CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209
* CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252
* CVE-2014-4266 CVE-2014-4265 CVE-2014-4221 CVE-2014-4263
* CVE-2014-4244 CVE-2014-4208
- Fix build on i586 and s390
* Remove bogus dependency on libstdc++33
- Build fix in java-1_7_0-ibm-rpmlintrc
* Filter out the "invalid license" errors to make build succeed.
* Filter out the "files-duplicated-waste" since it is supposingly
not safe to do %fdupes in this kind of packages
- update qa_filelists.tar.bz2</description>
<summary>Security update for java-1_7_0-ibm</summary>
</patchinfo>
