openjdk-6 (6b12-0ubuntu6.7) intrepid-security; urgency=low
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- 6626217: Loader-constraint table allows arrays instead of only
the base-classes.
- 6633872: Policy/PolicyFile leak dynamic ProtectionDomains.
- 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups.
- 6736390: File TOCTOU deserialization vulnerability.
- 6745393: Inflater/Deflater clone issues.
- 6887703: Unsigned applet can retrieve the dragged information before drop
action occur.
- 6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error.
- 6892265: System.arraycopy unable to reference elements beyond
Integer.MAX_VALUE bytes.
- 6893947: Deserialization of RMIConnectionImpl objects should enforce
stricter checks [ZDI-CAN-588].
- 6893954: Subclasses of InetAddress may incorrectly interpret network
addresses [ZDI-CAN-603].
- 6894807: No ClassCastException for HashAttributeSet constructors if run
with -Xcomp.
- 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly
encoded CommonName OIDs.
- 6898739: TLS renegotiation issue.
- 6899653: Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability.
- 6902299: Java JAR "unpack200" must verify input parameters.
- 6904691: Java Applet Trusted Methods Chaining Privilege Escalation
Vulnerability.
- 6909597: Java Runtime Environment JPEGImageReader stepX Integer Overflow
Vulnerability.
- 6910590: Application can modify command array, in ProcessBuilder.
- 6914823: Java AWT Library Invalid Index Vulnerability.
- 6914866: JRE ImagingLib arbitrary code execution vulnerability.
- 6932480: Crash in CompilerThread/Parser.
Date: Mon, 29 Mar 2010 21:32:02 +0200
Changed-By: Matthias Klose <d...@ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/intrepid/+source/openjdk-6/6b12-0ubuntu6.7
Format: 1.8
Date: Mon, 29 Mar 2010 21:32:02 +0200
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib
openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin
openjdk-6-source-files
Architecture: source
Version: 6b12-0ubuntu6.7
Distribution: intrepid-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Matthias Klose <d...@ubuntu.com>
Description:
icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute
Java a
openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
openjdk-6-jdk - OpenJDK Development Kit (JDK)
openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
openjdk-6-source - OpenJDK Development Kit (JDK) source files
openjdk-6-source-files - OpenJDK 6 source files (used as a build dependency)
Changes:
openjdk-6 (6b12-0ubuntu6.7) intrepid-security; urgency=low
.
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- 6626217: Loader-constraint table allows arrays instead of only
the base-classes.
- 6633872: Policy/PolicyFile leak dynamic ProtectionDomains.
- 6639665: ThreadGroup finalizer allows creation of false root
ThreadGroups.
- 6736390: File TOCTOU deserialization vulnerability.
- 6745393: Inflater/Deflater clone issues.
- 6887703: Unsigned applet can retrieve the dragged information before drop
action occur.
- 6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error.
- 6892265: System.arraycopy unable to reference elements beyond
Integer.MAX_VALUE bytes.
- 6893947: Deserialization of RMIConnectionImpl objects should enforce
stricter checks [ZDI-CAN-588].
- 6893954: Subclasses of InetAddress may incorrectly interpret network
addresses [ZDI-CAN-603].
- 6894807: No ClassCastException for HashAttributeSet constructors if run
with -Xcomp.
- 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly
encoded CommonName OIDs.
- 6898739: TLS renegotiation issue.
- 6899653: Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability.
- 6902299: Java JAR "unpack200" must verify input parameters.
- 6904691: Java Applet Trusted Methods Chaining Privilege Escalation
Vulnerability.
- 6909597: Java Runtime Environment JPEGImageReader stepX Integer Overflow
Vulnerability.
- 6910590: Application can modify command array, in ProcessBuilder.
- 6914823: Java AWT Library Invalid Index Vulnerability.
- 6914866: JRE ImagingLib arbitrary code execution vulnerability.
- 6932480: Crash in CompilerThread/Parser.
Checksums-Sha1:
f79cb7de5d468951675db46f81b3e034d8578726 2359 openjdk-6_6b12-0ubuntu6.7.dsc
c96cb1e2759b96e702ed891cf90b5a2e0958f40a 1375087
openjdk-6_6b12-0ubuntu6.7.diff.gz
Checksums-Sha256:
f94c107723ba87c0d737fb9b9cd044880457fb6dde7512c9ab3510a45e9a4869 2359
openjdk-6_6b12-0ubuntu6.7.dsc
c10466bded35f1c32556a7daa461ca6baecba0c248a5aa6db78ab90ff3d96ab4 1375087
openjdk-6_6b12-0ubuntu6.7.diff.gz
Files:
60d4e5bf13b4ce37812dbf188b7824ad 2359 devel extra openjdk-6_6b12-0ubuntu6.7.dsc
10d1160d42871b6e8606373cbced4dc7 1375087 devel extra
openjdk-6_6b12-0ubuntu6.7.diff.gz
Original-Maintainer: OpenJDK Team <open...@lists.launchpad.net>
--
Intrepid-changes mailing list
Intrepid-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/intrepid-changes
