Here is a brief analysis of the pre-release announcement for the upcoming July 2009 Oracle Critical Patch Update (CPU)
Overall, 33 security vulnerabilities are fixed in this CPU, which is an average number well within the range of previous CPUs
The product and vulnerability mix appears to be similar to previous CPUs. All CPU supported Oracle Database, Oracle Application Server, and Oracle E-Business Suite versions are included.
The article continues at http://www.integrigy.com/oracle-security-blog/archive/2009/07/13/cpu-july-2009-prerelease