The October 2012 security "Critical Patch Update" information and downloads are now available from My Oracle Support (MOS).
See http://www.oracle.com/technetwork/topics/security/alerts-086861.html and in particular Document 1475188.1 on My Oracle Support (MOS), http://support.oracle.com, which includes security CVE mappings for Oracle Sun products.
For Solaris 11, Doc 1475188.1 points to the relevant SRUs containing the fixes for each issue. SRU12.4 was released on the CPU date and contains the current cumulative security fixes for the Solaris 11 OS.
For Solaris 10, we take a copy of the Recommended Solaris OS patchset containing the relevant security fixes and rename it as the October CPU patchset on MOS. See link provided from Doc 1475188.1
Doc 1475188.1 also contains references for Firmware, etc., and links to other useful security documentation, including information on Userland/FOSS vulnerabilities and fixes in https://blogs.oracle.com/sunsecurity/