[ubuntu/lucid] openjdk-6 6b17~pre2-0ubuntu3 (Accepted)

Matthias Klose doko at ubuntu.com
Mon Nov 9 17:00:22 GMT 2009 

openjdk-6 (6b17~pre2-0ubuntu3) lucid; urgency=low

  * Security updates:
    - (CVE-2009-3728) ICC_Profile file existence detection information leak
      (6631533).
    - (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445).
    - (CVE-2009-3881) resurrected classloaders can still have children
      (6636650).
    - (CVE-2009-3882) Numerous static security flaws in Swing (findbugs)
      (6657026).
    - (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138).
    - (CVE-2009-3880) UI logging information leakage (6664512).
    - (CVE-2009-3879) GraphicsConfiguration information leak (6822057).
    - (CVE-2009-3884) zoneinfo file existence information leak (6824265).
    - (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062).
    - (CVE-2009-3873) JPEG Image Writer quantization problem (6862968).
    - (CVE-2009-3875) MessageDigest.isEqual introduces timing attack
      vulnerabilities (6863503).
    - (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser
      denial of service (6864911).
    - (CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357).
    - (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643.
    - (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358).
  * Update IcedTea build infrastructure (20091109).
  * Use hs16 on armel.

Date: Mon, 09 Nov 2009 17:48:43 +0100
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
Signed-By: Matthias Klose <matthias.klose at canonical.com>
https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b17~pre2-0ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 09 Nov 2009 17:48:43 +0100
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b17~pre2-0ubuntu3
Distribution: lucid
Urgency: low
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
Changed-By: Matthias Klose <doko at ubuntu.com>
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes: 
 openjdk-6 (6b17~pre2-0ubuntu3) lucid; urgency=low
 .
   * Security updates:
     - (CVE-2009-3728) ICC_Profile file existence detection information leak
       (6631533).
     - (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445).
     - (CVE-2009-3881) resurrected classloaders can still have children
       (6636650).
     - (CVE-2009-3882) Numerous static security flaws in Swing (findbugs)
       (6657026).
     - (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138).
     - (CVE-2009-3880) UI logging information leakage (6664512).
     - (CVE-2009-3879) GraphicsConfiguration information leak (6822057).
     - (CVE-2009-3884) zoneinfo file existence information leak (6824265).
     - (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062).
     - (CVE-2009-3873) JPEG Image Writer quantization problem (6862968).
     - (CVE-2009-3875) MessageDigest.isEqual introduces timing attack
       vulnerabilities (6863503).
     - (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser
       denial of service (6864911).
     - (CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357).
     - (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643.
     - (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358).
   * Update IcedTea build infrastructure (20091109).
   * Use hs16 on armel.
Checksums-Sha1: 
 2c85ebd9f8ec9de0c745e9822809b5dfbbf32a4a 2354 openjdk-6_6b17~pre2-0ubuntu3.dsc
 d4ebf5cdc0424927fe1f5ade978c8208298dfd2a 166804 openjdk-6_6b17~pre2-0ubuntu3.diff.gz
Checksums-Sha256: 
 1afe42fbbe6e7029793bbc206d250cb8ab6d233a41a429c5f5271bd7b1f082a8 2354 openjdk-6_6b17~pre2-0ubuntu3.dsc
 4125f92f7610d5f1ec440b10b227da3c5f20c4535583b7176097024a51de3a5f 166804 openjdk-6_6b17~pre2-0ubuntu3.diff.gz
Files: 
 951d796ee12d76b892ae886f32b7dc77 2354 java optional openjdk-6_6b17~pre2-0ubuntu3.dsc
 09ae3635965121f410c65a2e5902b9f3 166804 java optional openjdk-6_6b17~pre2-0ubuntu3.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkr4SGQACgkQStlRaw+TLJwOggCglm3znF1h0B0aCKreBg73yMD7
GFcAn0ZMyzFQHDE2zAMDsHeqQdvPEQwT
=sHU1
-----END PGP SIGNATURE-----

More information about the Lucid-changes mailing list