[ubuntu/lucid-security] openjdk-6, openjdk-6 (delayed) 6b20-1.9.7-0ubuntu1~10.04.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Mar 1 06:07:19 UTC 2011
openjdk-6 (6b20-1.9.7-0ubuntu1~10.04.1) lucid-security; urgency=low
* IcedTea6 1.9.7 release.
- SECURITY UPDATE:
+ S4421494, CVE-2010-4476: infinite loop while parsing double literal.
+ S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
+ S6907662, CVE-2010-4465: Swing timer-based security manager bypass
+ S6994263, CVE-2010-4472: Untrusted code allowed to replace
DSIG/C14N implementation
+ S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
+ S6983554, CVE-2010-4450: Launcher incorrect processing of
empty library path entries
+ S6985453, CVE-2010-4471: Java2D font-related system property leak
+ S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
+ RH677332, CVE-2011-0706: Multiple signers privilege escalation
- Bug fixes
+ RH676659: Pass -export-dynamic flag to linker using -Wl,
as option in gcc 4.6+ is broken
+ G344659: Fix issue when building on SPARC
+ Fix latent JAXP bug caused by missing import
* dropped patch due to different fix applied upstream:
- debian/patches/hotspot-sparc-fix.diff
* debian/patches/hotspot-fix_added_define.patch: added to fix
redefinition added by patch for S6878713
* Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap
zerovm instead to compensate for
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631
Date: Wed, 23 Feb 2011 10:01:27 -0800
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b20-1.9.7-0ubuntu1~10.04.1
-------------- next part --------------
Format: 1.8
Date: Wed, 23 Feb 2011 10:01:27 -0800
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b20-1.9.7-0ubuntu1~10.04.1
Distribution: lucid-security
Urgency: low
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
openjdk-6-jdk - OpenJDK Development Kit (JDK)
openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes:
openjdk-6 (6b20-1.9.7-0ubuntu1~10.04.1) lucid-security; urgency=low
.
* IcedTea6 1.9.7 release.
- SECURITY UPDATE:
+ S4421494, CVE-2010-4476: infinite loop while parsing double literal.
+ S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
+ S6907662, CVE-2010-4465: Swing timer-based security manager bypass
+ S6994263, CVE-2010-4472: Untrusted code allowed to replace
DSIG/C14N implementation
+ S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
+ S6983554, CVE-2010-4450: Launcher incorrect processing of
empty library path entries
+ S6985453, CVE-2010-4471: Java2D font-related system property leak
+ S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
+ RH677332, CVE-2011-0706: Multiple signers privilege escalation
- Bug fixes
+ RH676659: Pass -export-dynamic flag to linker using -Wl,
as option in gcc 4.6+ is broken
+ G344659: Fix issue when building on SPARC
+ Fix latent JAXP bug caused by missing import
* dropped patch due to different fix applied upstream:
- debian/patches/hotspot-sparc-fix.diff
* debian/patches/hotspot-fix_added_define.patch: added to fix
redefinition added by patch for S6878713
* Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap
zerovm instead to compensate for
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631
Checksums-Sha1:
21c1b0b70fe764f0c85fb7021413f7074dd67047 3077 openjdk-6_6b20-1.9.7-0ubuntu1~10.04.1.dsc
150395cb29650662384afe0dab4fc16d7ed4c44d 73265927 openjdk-6_6b20-1.9.7.orig.tar.gz
e5d4f1c125efbac9100399182410fe5001ee5ba5 131924 openjdk-6_6b20-1.9.7-0ubuntu1~10.04.1.diff.gz
Checksums-Sha256:
faf01e612743f8b1e7981e5f4582402e83e87adf1ad8ce21bd3d32b3cb73d858 3077 openjdk-6_6b20-1.9.7-0ubuntu1~10.04.1.dsc
fb7e696f7b8019c2a8ac78b4823bb4c91efa62ddde9ff9ed799e62b886d79785 73265927 openjdk-6_6b20-1.9.7.orig.tar.gz
908dfa45e2ffe676151acc192673663e2f293bc2287fe34fd1040ce34e6b99af 131924 openjdk-6_6b20-1.9.7-0ubuntu1~10.04.1.diff.gz
Files:
83502b062785deb8f22fc8e4041b47f9 3077 java optional openjdk-6_6b20-1.9.7-0ubuntu1~10.04.1.dsc
c7367808152f71091603546acca43633 73265927 java optional openjdk-6_6b20-1.9.7.orig.tar.gz
fb001ec87e0d1eede115ebea43284a18 131924 java optional openjdk-6_6b20-1.9.7-0ubuntu1~10.04.1.diff.gz
More information about the Lucid-changes
mailing list