[ubuntu/hardy-security] openjdk-6, openjdk-6 (delayed) 6b11-2ubuntu2.2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Wed Apr 7 06:08:06 BST 2010
openjdk-6 (6b11-2ubuntu2.2) hardy-security; urgency=low
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- 6626217: Loader-constraint table allows arrays instead of only
the base-classes.
- 6633872: Policy/PolicyFile leak dynamic ProtectionDomains.
- 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups.
- 6736390: File TOCTOU deserialization vulnerability.
- 6745393: Inflater/Deflater clone issues.
- 6887703: Unsigned applet can retrieve the dragged information before drop
action occur.
- 6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error.
- 6892265: System.arraycopy unable to reference elements beyond
Integer.MAX_VALUE bytes.
- 6893947: Deserialization of RMIConnectionImpl objects should enforce
stricter checks [ZDI-CAN-588].
- 6893954: Subclasses of InetAddress may incorrectly interpret network
addresses [ZDI-CAN-603].
- 6894807: No ClassCastException for HashAttributeSet constructors if run
with -Xcomp.
- 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly
encoded CommonName OIDs.
- 6898739: TLS renegotiation issue.
- 6899653: Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability.
- 6902299: Java JAR "unpack200" must verify input parameters.
- 6904691: Java Applet Trusted Methods Chaining Privilege Escalation
Vulnerability.
- 6909597: Java Runtime Environment JPEGImageReader stepX Integer Overflow
Vulnerability.
- 6910590: Application can modify command array, in ProcessBuilder.
- 6914823: Java AWT Library Invalid Index Vulnerability.
- 6914866: JRE ImagingLib arbitrary code execution vulnerability.
- 6932480: Crash in CompilerThread/Parser.
Date: Mon, 29 Mar 2010 21:05:11 +0200
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/openjdk-6/6b11-2ubuntu2.2
-------------- next part --------------
Format: 1.7
Date: Mon, 29 Mar 2010 21:05:11 +0200
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg
Architecture: source
Version: 6b11-2ubuntu2.2
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Matthias Klose <doko at ubuntu.com>
Description:
openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
openjdk-6-jdk - OpenJDK Development Kit (JDK)
openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes:
openjdk-6 (6b11-2ubuntu2.2) hardy-security; urgency=low
.
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- 6626217: Loader-constraint table allows arrays instead of only
the base-classes.
- 6633872: Policy/PolicyFile leak dynamic ProtectionDomains.
- 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups.
- 6736390: File TOCTOU deserialization vulnerability.
- 6745393: Inflater/Deflater clone issues.
- 6887703: Unsigned applet can retrieve the dragged information before drop
action occur.
- 6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error.
- 6892265: System.arraycopy unable to reference elements beyond
Integer.MAX_VALUE bytes.
- 6893947: Deserialization of RMIConnectionImpl objects should enforce
stricter checks [ZDI-CAN-588].
- 6893954: Subclasses of InetAddress may incorrectly interpret network
addresses [ZDI-CAN-603].
- 6894807: No ClassCastException for HashAttributeSet constructors if run
with -Xcomp.
- 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly
encoded CommonName OIDs.
- 6898739: TLS renegotiation issue.
- 6899653: Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability.
- 6902299: Java JAR "unpack200" must verify input parameters.
- 6904691: Java Applet Trusted Methods Chaining Privilege Escalation
Vulnerability.
- 6909597: Java Runtime Environment JPEGImageReader stepX Integer Overflow
Vulnerability.
- 6910590: Application can modify command array, in ProcessBuilder.
- 6914823: Java AWT Library Invalid Index Vulnerability.
- 6914866: JRE ImagingLib arbitrary code execution vulnerability.
- 6932480: Crash in CompilerThread/Parser.
Files:
3733e7dce2f951b329b777fb097b853a 1797 devel extra openjdk-6_6b11-2ubuntu2.2.dsc
c52d5567be104b1ecf671fae43a15682 183148 devel extra openjdk-6_6b11-2ubuntu2.2.diff.gz
Original-Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
More information about the Hardy-changes
mailing list