[ubuntu/lucid-security] openjdk-6 6b20-1.9.10-0ubuntu1~10.04.2 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Wed Nov 16 00:10:43 UTC 2011


openjdk-6 (6b20-1.9.10-0ubuntu1~10.04.2) lucid-security; urgency=low

  * SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw
    - debian/patches/SOP-bypass-icedtea6-1.9.patch: Remove special
      case for SocketPermission.
    - CVE-2011-3377
    - Applied inline due to needing to apply patches only once for netx,
      not for every vm

openjdk-6 (6b20-1.9.10-0ubuntu1~10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: IcedTea6 1.9.10 Release:
    - Security fixes:
      - S7000600, CVE-2011-3547: InputStream skip() information leak.
      - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
      - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
      - S7032417, CVE-2011-3552: excessive default UDP socket limit under
        SecurityManager.
      - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
      - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
        engine.
      - S7055902, CVE-2011-3521: IIOP deserialization code execution.
      - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
        error checks.
      - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
        against SSL/TLS (BEAST).
      - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
        PorterStemmer.
      - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
      - S7083012, CVE-2011-3557: RMI registry privileged code execution.
      - S7096936, CVE-2011-3560: missing checkSetFactory calls in
        HttpsURLConnection.

Date: Tue, 08 Nov 2011 02:54:46 -0800
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.2
-------------- next part --------------
Format: 1.8
Date: Tue, 08 Nov 2011 02:54:46 -0800
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b20-1.9.10-0ubuntu1~10.04.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes: 
 openjdk-6 (6b20-1.9.10-0ubuntu1~10.04.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw
     - debian/patches/SOP-bypass-icedtea6-1.9.patch: Remove special
       case for SocketPermission.
     - CVE-2011-3377
     - Applied inline due to needing to apply patches only once for netx,
       not for every vm
 .
 openjdk-6 (6b20-1.9.10-0ubuntu1~10.04.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: IcedTea6 1.9.10 Release:
     - Security fixes:
       - S7000600, CVE-2011-3547: InputStream skip() information leak.
       - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
       - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
       - S7032417, CVE-2011-3552: excessive default UDP socket limit under
         SecurityManager.
       - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
       - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
         engine.
       - S7055902, CVE-2011-3521: IIOP deserialization code execution.
       - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
         error checks.
       - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
         against SSL/TLS (BEAST).
       - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
         PorterStemmer.
       - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
       - S7083012, CVE-2011-3557: RMI registry privileged code execution.
       - S7096936, CVE-2011-3560: missing checkSetFactory calls in
         HttpsURLConnection.
Checksums-Sha1: 
 9f9c948caedfb88b12450ef568245f7722e43f94 3163 openjdk-6_6b20-1.9.10-0ubuntu1~10.04.2.dsc
 78ede6f4dc829677d41dae5f208f78e06caa9bbe 135961 openjdk-6_6b20-1.9.10-0ubuntu1~10.04.2.diff.gz
Checksums-Sha256: 
 d4e080154cf9f7f28877c5c7d715664f632c630c8e1e5591ef8dd654dd51471a 3163 openjdk-6_6b20-1.9.10-0ubuntu1~10.04.2.dsc
 4f546d18cf735c129fd5f605bb00fa019d973fe2a634229c975c2f9ed95ebbc9 135961 openjdk-6_6b20-1.9.10-0ubuntu1~10.04.2.diff.gz
Files: 
 9defc43d58d18375e7324f8d57c5f07d 3163 java optional openjdk-6_6b20-1.9.10-0ubuntu1~10.04.2.dsc
 9e4dc9d06a85f775c313dcf0533db8b9 135961 java optional openjdk-6_6b20-1.9.10-0ubuntu1~10.04.2.diff.gz
Original-Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>

