[ubuntu/jaunty] openjdk-6 6b14-0ubuntu6 (Accepted)
Matthias Klose
doko at ubuntu.com
Tue Jan 13 14:35:36 GMT 2009
openjdk-6 (6b14-0ubuntu6) jaunty; urgency=low

  * The -source package now contains all source files. Closes: #504568.
  * The 6b14 build fixes the following security related issues (sun bug number,
    CVE, description):
    - 6588160, CVE-2008-5348: jaas krb5 client leaks OS-level UDP sockets.
    - 6497740, CVE-2009-5349: Limit the size of RSA public keys.
    - 6484091, CVE-2008-5350: FileSystemView leaks directory info.
    - 4486841, CVE-2008-5351: UTF-8 decoder needed adhere to Unicode 3.0.1
      fixes.
    - 6755943, CVE-2008-5352: JAR decompression should enforce stricter header
      checks.
    - 6734167, CVE-2008-5353: Calendar.readObject allows elevation of
      privileges.
    - 6733959, CVE-2008-5354: Insufficient checks for "Main-Class" manifest
      entry in JAR files
    - 6751322, CVE-2008-5356: Sun Java JRE TrueType Font Parsing Heap Overflow.
    - 6733336, CVE-2008-5357: Crash on malformed font.
    - 6766136, CVE-2008-5358: corrupted gif image may cause crash in java
      splashscreen library.
    - 6726779, CVE-2008-5359: ConvolveOp on USHORT raster can cause the JVM
      crash.
    - 6721753, CVE-2008-5360: File.createTempFile produces guessable file names.
    - 6592792: Add com.sun.xml.internal to the "package.access" property in
      $JAVA_HOME/lib/security/java.security.
  * Regenerate the control file.

Date: Tue, 13 Jan 2009 15:04:36 +0100
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
https://launchpad.net/ubuntu/jaunty/+source/openjdk-6/6b14-0ubuntu6
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 13 Jan 2009 15:04:36 +0100
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin openjdk-6-source-files
Architecture: source
Version: 6b14-0ubuntu6
Distribution: jaunty
Urgency: low
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
Changed-By: Matthias Klose <doko at ubuntu.com>
Description:
icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
openjdk-6-jdk - OpenJDK Development Kit (JDK)
openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
openjdk-6-source - OpenJDK Development Kit (JDK) source files
openjdk-6-source-files - OpenJDK 6 source files (used as a build dependency)
Closes: 504568
Changes:
openjdk-6 (6b14-0ubuntu6) jaunty; urgency=low
.
  * The -source package now contains all source files. Closes: #504568.
  * The 6b14 build fixes the following security related issues (sun bug number,
    CVE, description):
    - 6588160, CVE-2008-5348: jaas krb5 client leaks OS-level UDP sockets.
    - 6497740, CVE-2009-5349: Limit the size of RSA public keys.
    - 6484091, CVE-2008-5350: FileSystemView leaks directory info.
    - 4486841, CVE-2008-5351: UTF-8 decoder needed adhere to Unicode 3.0.1
      fixes.
    - 6755943, CVE-2008-5352: JAR decompression should enforce stricter header
      checks.
    - 6734167, CVE-2008-5353: Calendar.readObject allows elevation of
      privileges.
    - 6733959, CVE-2008-5354: Insufficient checks for "Main-Class" manifest
      entry in JAR files
    - 6751322, CVE-2008-5356: Sun Java JRE TrueType Font Parsing Heap Overflow.
    - 6733336, CVE-2008-5357: Crash on malformed font.
    - 6766136, CVE-2008-5358: corrupted gif image may cause crash in java
      splashscreen library.
    - 6726779, CVE-2008-5359: ConvolveOp on USHORT raster can cause the JVM
      crash.
    - 6721753, CVE-2008-5360: File.createTempFile produces guessable file names.
    - 6592792: Add com.sun.xml.internal to the "package.access" property in
      $JAVA_HOME/lib/security/java.security.
  * Regenerate the control file.
Checksums-Sha1:
dfbe8ba61b3613f950def6882f689ab337198e5b 2288 openjdk-6_6b14-0ubuntu6.dsc
f72e4a755af2b2e336ab6ac4b78470f4abe0ba78 125696 openjdk-6_6b14-0ubuntu6.diff.gz
Checksums-Sha256:
c3020cf6fa77c2618d6adacb85705b47047396bd3b560a73ad882e4b5098a05f 2288 openjdk-6_6b14-0ubuntu6.dsc
1a8b4a4fb46b51693e073b6a3e3f31a87166dcf29ea37a1e57bccd7e1b4831e3 125696 openjdk-6_6b14-0ubuntu6.diff.gz
Files:
ef9ad76d574012afa48685b0270ed440 2288 devel extra openjdk-6_6b14-0ubuntu6.dsc
4b02c3a68255179a37599a880bbef413 125696 devel extra openjdk-6_6b14-0ubuntu6.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklspdkACgkQStlRaw+TLJz3QgCdG9V4ygANOx0abz9sFsU6Zeyp
FXQAn2IPrujUNP3BI5UynD4+bK38Eek2
=l++D
-----END PGP SIGNATURE-----