[ubuntu/lucid-security] openjdk-6 6b27-1.12.6-1ubuntu0.10.04.2 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Tue Jul 23 11:24:19 UTC 2013 

openjdk-6 (6b27-1.12.6-1ubuntu0.10.04.2) lucid-security; urgency=low

  * Backport for lucid
  * Re-enabled testsuite

openjdk-6 (6b27-1.12.6-1ubuntu1) saucy; urgency=low

  * Merge with Debian.

openjdk-6 (6b27-1.12.6-1) unstable; urgency=high

  * IcedTea 1.12.6 release.
  * Security fixes:
    - S6741606, CVE-2013-2407: Integrate Apache Santuario.
    - S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls.
    - S7170730, CVE-2013-2451: Improve Windows network stack support.
    - S8000638, CVE-2013-2450: Improve deserialization.
    - S8000642, CVE-2013-2446: Better handling of objects for transportation.
    - S8001032: Restrict object access.
    - S8001033, CVE-2013-2452: Refactor network address handling in virtual
      machine identifiers.
    - S8001034, CVE-2013-1500: Memory management improvements.
    - S8001038, CVE-2013-2444: Resourcefully handle resources.
    - S8001043: Clarify definition restrictions.
    - S8001309: Better handling of annotation interfaces.
    - S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with
      InetAddress.getLocalHost.
    - S8001330, CVE-2013-2443: Improve on checking order.
    - S8003703, CVE-2013-2412: Update RMI connection dialog box.
    - S8004584: Augment applet contextualization.
    - S8005007: Better glyph processing.
    - S8006328, CVE-2013-2448: Improve robustness of sound classes.
    - S8006611: Improve scripting.
    - S8007467: Improve robustness of JMX internal APIs.
    - S8007471: Improve MBean notifications.
    - S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic
      for some classes.
    - S8008120, CVE-2013-2457: Improve JMX class checking.
    - S8008124, CVE-2013-2453: Better compliance testing.
    - S8008128: Better API coherence for JMX.
    - S8008132, CVE-2013-2456: Better serialization support.
    - S8008585: Better JMX data handling.
    - S8008593: Better URLClassLoader resource management.
    - S8008603: Improve provision of JMX providers.
    - S8008611: Better handling of annotations in JMX.
    - S8008615: Improve robustness of JMX internal APIs.
    - S8008623: Better handling of MBeanServers.
    - S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606.
    - S8008982: Adjust JMX for underlying interface changes.
    - S8009004: Better implementation of RMI connections.
    - S8009013: Better handling of T2K glyphs.
    - S8009034: Improve resulting notifications in JMX.
    - S8009038: Improve JMX notification support.
    - S8009067: Improve storing keys in KeyStore.
    - S8009071, CVE-2013-2459: Improve shape handling.
    - S8009235: Improve handling of TSA data.
    - S8011243, CVE-2013-2470: Improve ImagingLib.
    - S8011248, CVE-2013-2471: Better Component Rasters.
    - S8011253, CVE-2013-2472: Better Short Component Rasters.
    - S8011257, CVE-2013-2473: Better Byte Component Rasters.
    - S8012375, CVE-2013-1571: Improve Javadoc framing.
    - S8012421: Better positioning of PairPositioning.
    - S8012438, CVE-2013-2463: Better image validation.
    - S8012597, CVE-2013-2465: Better image channel verification.
    - S8012601, CVE-2013-2469: Better validation of image layouts.
    - S8014281, CVE-2013-2461: Better checking of XML signature.
    - S8015997: Additional improvement in Javadoc framing.
  * Backports:
    - See the NEWS file for a complete list of the backports.

openjdk-6 (6b27-1.12.5-2) unstable; urgency=low

  * Fix -source dependency on -jre to be binNMU safe.

openjdk-6 (6b27-1.12.5-1) unstable; urgency=low

  * IcedTea 1.12.5 release.
  * Security fixes:
    - S6657673, CVE-2013-1518: Issues with JAXP.
    - S7200507: Refactor Introspector internals.
    - S8000724, CVE-2013-2417: Improve networking serialization.
    - S8001031, CVE-2013-2419: Better font processing.
    - S8001040, CVE-2013-1537: Rework RMI model.
    - S8001322: Refactor deserialization.
    - S8001329, CVE-2013-1557: Augment RMI logging.
    - S8003335: Better handling of Finalizer thread.
    - S8003445: Adjust JAX-WS to focus on API.
    - S8003543, CVE-2013-2415: Improve processing of MTOM attachments.
    - S8004261: Improve input validation.
    - S8004336, CVE-2013-2431: Better handling of method handle
      intrinsic frames.
    - S8004986, CVE-2013-2383: Better handling of glyph table.
    - S8004987, CVE-2013-2384: Improve font layout.
    - S8004994, CVE-2013-1569: Improve checking of glyph table.
    - S8005432: Update access to JAX-WS.
    - S8005943: (process) Improved Runtime.exec.
    - S8006309: More reliable control panel operation.
    - S8006435, CVE-2013-2424: Improvements in JMX.
    - S8006790: Improve checking for windows.
    - S8006795: Improve font warning messages.
    - S8007406: Improve accessibility of AccessBridge.
    - S8007617, CVE-2013-2420: Better validation of images.
    - S8007667, CVE-2013-2430: Better image reading.
    - S8007918, CVE-2013-2429: Better image writing.
    - S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap.
    - S8009305, CVE-2013-0401: Improve AWT data transfer.
    - S8009699, CVE-2013-2421: Methodhandle lookup.
    - S8009814, CVE-2013-1488: Better driver management.
    - S8009857, CVE-2013-2422: Problem with plugin.
    - RH952389: Temporary files created with insecure permissions.
  * Backports;
    - S7197906: BlockOffsetArray::power_to_cards_back() needs to handle
      > 32 bit shifts
    - S7036559: ConcurrentHashMap footprint and contention improvements.
    - S5102804: Memory leak in Introspector.getBeanInfo(Class) for custom
      BeanInfo: Class param (with WeakCache from S6397609).
    - S6501644: Sync LayoutEngine *code* structure to match ICU.
    - S6886358: Layout code update.
    - S6963811: Deadlock-prone locking changes in Introspector.
    - S7017324: Kerning crash in JDK 7 since ICU layout update.
    - S7064279: Introspector.getBeanInfo() should release some resources
      in timely manner.
    - S8004302: javax/xml/soap/Test7013971.java fails since jdk6u39b01.
    - S7133220: Additional patches to JAXP 1.4.5 update 1 for 7u4 (partial
      for S6657673).
    - S8009530: ICU Kern table support broken.
  * Bug fixes:
    - OJ3: Fix get_stack_bounds memory leak (alternate fix for S7197906).
    - PR1362: Fedora 19 / rawhide FTBFS SIGILL.
    - PR1338: Remove dependency on libXp.
    - PR1339: Simplify the rhino class rewriter to avoid use of concurrency.
    - PR1319: Correct #ifdef to #if
    - Give xalan/xerces access to their own internal packages.

Date: 2013-07-17 13:00:17.152852+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/openjdk-6/6b27-1.12.6-1ubuntu0.10.04.2
-------------- next part --------------
Sorry, changesfile not available.

More information about the Lucid-changes mailing list