[ubuntu/jaunty-security] openjdk-6, openjdk-6 (delayed) 6b14-1.4.1-0ubuntu13 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Apr 7 06:05:31 BST 2010


openjdk-6 (6b14-1.4.1-0ubuntu13) jaunty-security; urgency=low

  * Security updates:
    - 6626217: Loader-constraint table allows arrays instead of only
      the base-classes.
    - 6633872: Policy/PolicyFile leak dynamic ProtectionDomains.
    - 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups.
    - 6736390: File TOCTOU deserialization vulnerability.
    - 6745393: Inflater/Deflater clone issues.
    - 6887703: Unsigned applet can retrieve the dragged information before drop
      action occur.
    - 6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error.
    - 6892265: System.arraycopy unable to reference elements beyond
      Integer.MAX_VALUE bytes.
    - 6893947: Deserialization of RMIConnectionImpl objects should enforce
      stricter checks [ZDI-CAN-588].
    - 6893954: Subclasses of InetAddress may incorrectly interpret network
      addresses [ZDI-CAN-603].
    - 6894807: No ClassCastException for HashAttributeSet constructors if run
      with -Xcomp.
    - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly
      encoded CommonName OIDs.
    - 6898739: TLS renegotiation issue.
    - 6899653: Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability.
    - 6902299: Java JAR "unpack200" must verify input parameters.
    - 6904691: Java Applet Trusted Methods Chaining Privilege Escalation
      Vulnerability.
    - 6909597: Java Runtime Environment JPEGImageReader stepX Integer Overflow
      Vulnerability.
    - 6910590: Application can modify command array, in ProcessBuilder.
    - 6914823: Java AWT Library Invalid Index Vulnerability.
    - 6914866: JRE ImagingLib arbitrary code execution vulnerability.
    - 6932480: Crash in CompilerThread/Parser.

Date: Mon, 29 Mar 2010 22:53:11 +0200
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
https://launchpad.net/ubuntu/jaunty/+source/openjdk-6/6b14-1.4.1-0ubuntu13
-------------- next part --------------
Format: 1.8
Date: Mon, 29 Mar 2010 22:53:11 +0200
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin openjdk-6-source-files icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b14-1.4.1-0ubuntu13
Distribution: jaunty-security
Urgency: low
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
Changed-By: Matthias Klose <doko at ubuntu.com>
Description: 
 icedtea-6-jre-cacao - Alternatve JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternatve JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
 openjdk-6-source-files - OpenJDK 6 source files (used as a build dependency)
Checksums-Sha1: 
 b81aea89eeca886424180651807f930104c83af3 2415 openjdk-6_6b14-1.4.1-0ubuntu13.dsc
 620188a2f211721f10fdc556376ae31aa17472ac 4320319 openjdk-6_6b14-1.4.1-0ubuntu13.diff.gz
Checksums-Sha256: 
 d3a0c376915ff40b34ff6a1d076e888f82ac5ec63152748c8411e93b83fa6e6e 2415 openjdk-6_6b14-1.4.1-0ubuntu13.dsc
 9a4e77f04286369b541540464dbb9039c5108f4106fe17296325a7956fab9765 4320319 openjdk-6_6b14-1.4.1-0ubuntu13.diff.gz
Files: 
 c7756818c527a60c1ae5a4ea1411813b 2415 devel extra openjdk-6_6b14-1.4.1-0ubuntu13.dsc
 4021c8fcd4c1614a2451160790a85405 4320319 devel extra openjdk-6_6b14-1.4.1-0ubuntu13.diff.gz

