[ubuntu/karmic-security] openjdk-6, openjdk-6 (delayed) 6b20-1.9.7-0ubuntu1~9.10.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Tue Mar 1 06:08:50 UTC 2011 

openjdk-6 (6b20-1.9.7-0ubuntu1~9.10.1) karmic-security; urgency=low

  * IcedTea6 1.9.7 release.
    - SECURITY UPDATE:
      + S4421494, CVE-2010-4476: infinite loop while parsing double literal.
      + S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
      + S6907662, CVE-2010-4465: Swing timer-based security manager bypass
      + S6994263, CVE-2010-4472: Untrusted code allowed to replace
        DSIG/C14N implementation
      + S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
      + S6983554, CVE-2010-4450: Launcher incorrect processing of
        empty library path entries
      + S6985453, CVE-2010-4471: Java2D font-related system property leak
      + S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
      + RH677332, CVE-2011-0706: Multiple signers privilege escalation
    - Bug fixes
      + RH676659: Pass -export-dynamic flag to linker using -Wl,
        as option in gcc 4.6+ is broken
      + G344659: Fix issue when building on SPARC
      + Fix latent JAXP bug caused by missing import
  * dropped patch due to different fix applied upstream:
    - debian/patches/hotspot-sparc-fix.diff
  * debian/patches/hotspot-fix_added_define.patch: added to fix
    redefinition added by patch for S6878713
  * Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap
    zerovm instead to compensate for
    http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631

Date: Wed, 23 Feb 2011 09:41:17 -0800
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
https://launchpad.net/ubuntu/karmic/+source/openjdk-6/6b20-1.9.7-0ubuntu1~9.10.1
-------------- next part --------------
Format: 1.8
Date: Wed, 23 Feb 2011 09:41:17 -0800
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b20-1.9.7-0ubuntu1~9.10.1
Distribution: karmic-security
Urgency: low
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes: 
 openjdk-6 (6b20-1.9.7-0ubuntu1~9.10.1) karmic-security; urgency=low
 .
   * IcedTea6 1.9.7 release.
     - SECURITY UPDATE:
       + S4421494, CVE-2010-4476: infinite loop while parsing double literal.
       + S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
       + S6907662, CVE-2010-4465: Swing timer-based security manager bypass
       + S6994263, CVE-2010-4472: Untrusted code allowed to replace
         DSIG/C14N implementation
       + S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
       + S6983554, CVE-2010-4450: Launcher incorrect processing of
         empty library path entries
       + S6985453, CVE-2010-4471: Java2D font-related system property leak
       + S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
       + RH677332, CVE-2011-0706: Multiple signers privilege escalation
     - Bug fixes
       + RH676659: Pass -export-dynamic flag to linker using -Wl,
         as option in gcc 4.6+ is broken
       + G344659: Fix issue when building on SPARC
       + Fix latent JAXP bug caused by missing import
   * dropped patch due to different fix applied upstream:
     - debian/patches/hotspot-sparc-fix.diff
   * debian/patches/hotspot-fix_added_define.patch: added to fix
     redefinition added by patch for S6878713
   * Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap
     zerovm instead to compensate for
     http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631
Checksums-Sha1: 
 2e93775ce2415f20de161e6c23b61e198d499323 3018 openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.dsc
 150395cb29650662384afe0dab4fc16d7ed4c44d 73265927 openjdk-6_6b20-1.9.7.orig.tar.gz
 bd919fd8545c75be17e82d7d1929c91623648e67 132023 openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.diff.gz
Checksums-Sha256: 
 f859b482e25a0f2e6e5ac5ad8d12d5b60463d1231ebe2bb706a35f32242d7024 3018 openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.dsc
 fb7e696f7b8019c2a8ac78b4823bb4c91efa62ddde9ff9ed799e62b886d79785 73265927 openjdk-6_6b20-1.9.7.orig.tar.gz
 6ce0a626511f387028d45b24abcc54703457e7bffe59dc3b5f837d36d91a5ef2 132023 openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.diff.gz
Files: 
 9a6f0f82ce6e6963199fa5f1e0da963a 3018 java optional openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.dsc
 c7367808152f71091603546acca43633 73265927 java optional openjdk-6_6b20-1.9.7.orig.tar.gz
 8f8f9a8e3c033dbb852547dcfaa9213b 132023 java optional openjdk-6_6b20-1.9.7-0ubuntu1~9.10.1.diff.gz

More information about the Karmic-changes mailing list