[ubuntu/karmic-security] openjdk-6, openjdk-6 (delayed) 6b16-1.6.1-3ubuntu3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Apr 7 06:03:24 BST 2010


openjdk-6 (6b16-1.6.1-3ubuntu3) karmic-security; urgency=low

  * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
    - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299).
    - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors
      if run with -Xcomp (6894807).
    - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability
      (6899653).
    - (CVE-2010-0082): Loader-constraint table allows arrays instead of
      only the base-classes (6626217).
    - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret
      network addresses (6893954) [ZDI-CAN-603].
    - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390).
    - (CVE-2010-0091): Unsigned applet can retrieve the dragged information
      before drop action occurs (6887703).
    - (CVE-2010-0088): Inflater/Deflater clone issues (6745393).
    - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains
      (6633872).
    - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR
      error (6888149).
    - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should
      enforce stricter checks (6893947) [ZDI-CAN-588].
    - (CVE-2010-0093): System.arraycopy unable to reference elements
      beyond Integer.MAX_VALUE bytes (6892265).
    - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation
      Vulnerability (6904691).
    - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823).
    - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability
      (6914866).
    - (CVE-2009-3555): TLS: MITM attacks via session renegotiation.
    - 6639665: ThreadGroup finalizer allows creation of false root
      ThreadGroups.
    - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly.
      encoded CommonName OIDs.
    - 6910590: Application can modify command array in ProcessBuilder.
    - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability.
    - 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
    - 6898739: TLS renegotiation issue.
  * Build-depend on x11-xkb-utils.

Date: Sun, 04 Apr 2010 12:43:27 +0200
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
https://launchpad.net/ubuntu/karmic/+source/openjdk-6/6b16-1.6.1-3ubuntu3
-------------- next part --------------
Format: 1.8
Date: Sun, 04 Apr 2010 12:43:27 +0200
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b16-1.6.1-3ubuntu3
Distribution: karmic-security
Urgency: low
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
Changed-By: Matthias Klose <doko at ubuntu.com>
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes: 
 openjdk-6 (6b16-1.6.1-3ubuntu3) karmic-security; urgency=low
 .
   * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
     - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299).
     - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors
       if run with -Xcomp (6894807).
     - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability
       (6899653).
     - (CVE-2010-0082): Loader-constraint table allows arrays instead of
       only the base-classes (6626217).
     - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret
       network addresses (6893954) [ZDI-CAN-603].
     - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390).
     - (CVE-2010-0091): Unsigned applet can retrieve the dragged information
       before drop action occurs (6887703).
     - (CVE-2010-0088): Inflater/Deflater clone issues (6745393).
     - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains
       (6633872).
     - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR
       error (6888149).
     - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should
       enforce stricter checks (6893947) [ZDI-CAN-588].
     - (CVE-2010-0093): System.arraycopy unable to reference elements
       beyond Integer.MAX_VALUE bytes (6892265).
     - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation
       Vulnerability (6904691).
     - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823).
     - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability
       (6914866).
     - (CVE-2009-3555): TLS: MITM attacks via session renegotiation.
     - 6639665: ThreadGroup finalizer allows creation of false root
       ThreadGroups.
     - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly.
       encoded CommonName OIDs.
     - 6910590: Application can modify command array in ProcessBuilder.
     - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability.
     - 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
     - 6898739: TLS renegotiation issue.
   * Build-depend on x11-xkb-utils.
Checksums-Sha1: 
 0a4f1d1b424cc46021175fc6be0769c1a1a22f0b 2347 openjdk-6_6b16-1.6.1-3ubuntu3.dsc
 0a7760f822012362624c7df647fd86c978d4dccf 189626 openjdk-6_6b16-1.6.1-3ubuntu3.diff.gz
Checksums-Sha256: 
 3805532150d20da34318d66842cf12d8b6dce8269b6bba596d7e7a7991b8e75d 2347 openjdk-6_6b16-1.6.1-3ubuntu3.dsc
 6ca7030e01686a527554a797e4dcb65d41e4779b2f384bc10335686722ae77df 189626 openjdk-6_6b16-1.6.1-3ubuntu3.diff.gz
Files: 
 f5e807f1f9bd85ac28ec9d00915369d0 2347 java optional openjdk-6_6b16-1.6.1-3ubuntu3.dsc
 f2bce81c432bd538792e5271b2199f34 189626 java optional openjdk-6_6b16-1.6.1-3ubuntu3.diff.gz


More information about the Karmic-changes mailing list