[ubuntu/lucid-security] openjdk-6b18 6b18-1.8.10-0ubuntu1~10.04.2 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Wed Nov 16 00:12:41 UTC 2011
openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.04.2) lucid-security; urgency=low

  * SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw
    - debian/patches/SOP-bypass-icedtea6-1.8.patch: Remove special
      case for SocketPermission.
    - CVE-2011-3377
    - Applied inline due to needing to apply patches only once for netx,
      not for every vm

openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: IcedTea6 1.8.10 release (LP: #878684)
    - security fixes:
      - S7000600, CVE-2011-3547: InputStream skip() information leak
      - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
      - S7023640, CVE-2011-3551: Java2D TransformHelper integer
        overflow
      - S7032417, CVE-2011-3552: excessive default UDP socket limit
        under SecurityManager
      - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
      - S7046823, CVE-2011-3544: missing SecurityManager checks in
        scripting engine
      - S7055902, CVE-2011-3521: IIOP deserialization code execution
      - S7057857, CVE-2011-3554: insufficient pack200 JAR files
        uncompress error checks
      - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext
        attack against SSL/TLS (BEAST)
      - S7077466, CVE-2011-3556: RMI DGC server remote code execution
      - S7083012, CVE-2011-3557: RMI registry privileged code execution
      - S7096936, CVE-2011-3560: missing checkSetFactory calls in
        HttpsURLConnection
    - unapplied previous updates inline changes as they were
      incorporated upstream; remaining changes in Makefile.{in,am} and
      ports/hotspot/make/linux/makefiles/zeroshark.make

Date: Tue, 08 Nov 2011 14:08:52 -0800
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.2
-------------- next part --------------
Format: 1.8
Date: Tue, 08 Nov 2011 14:08:52 -0800
Source: openjdk-6b18
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-demo openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b18-1.8.10-0ubuntu1~10.04.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
openjdk-6-jdk - OpenJDK Development Kit (JDK)
openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
Launchpad-Bugs-Fixed: 878684
Changes:
 openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.04.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw
     - debian/patches/SOP-bypass-icedtea6-1.8.patch: Remove special
       case for SocketPermission.
     - CVE-2011-3377
     - Applied inline due to needing to apply patches only once for netx,
       not for every vm
 .
 openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.04.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: IcedTea6 1.8.10 release (LP: #878684)
     - security fixes:
       - S7000600, CVE-2011-3547: InputStream skip() information leak
       - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
       - S7023640, CVE-2011-3551: Java2D TransformHelper integer
         overflow
       - S7032417, CVE-2011-3552: excessive default UDP socket limit
         under SecurityManager
       - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
       - S7046823, CVE-2011-3544: missing SecurityManager checks in
         scripting engine
       - S7055902, CVE-2011-3521: IIOP deserialization code execution
       - S7057857, CVE-2011-3554: insufficient pack200 JAR files
         uncompress error checks
       - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext
         attack against SSL/TLS (BEAST)
       - S7077466, CVE-2011-3556: RMI DGC server remote code execution
       - S7083012, CVE-2011-3557: RMI registry privileged code execution
       - S7096936, CVE-2011-3560: missing checkSetFactory calls in
         HttpsURLConnection
     - unapplied previous updates inline changes as they were
       incorporated upstream; remaining changes in Makefile.{in,am} and
       ports/hotspot/make/linux/makefiles/zeroshark.make
Checksums-Sha1:
9d12661f9e6616c42af82a8f39ef93c5eb99ffc3 3148 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.2.dsc
9238d670c5a5f0aa2b387ddec312c0ac6b3771f7 138725 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.2.diff.gz
Checksums-Sha256:
1c6f2833be0872685569af94949aa7aef5273f38d15b8d03d4d5a01e00312b5a 3148 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.2.dsc
465e979473406576d601c984a27f25c19fdaa3139caaf538536704cc1f4b4763 138725 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.2.diff.gz
Files:
b88ac51af6b1b7b1e8bb3326cf1a7cde 3148 java optional openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.2.dsc
03f1389eae08d0c0737b5f189eaac36a 138725 java optional openjdk-6b18_6b18-1.8.10-0ubuntu1~10.04.2.diff.gz
Original-Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>