[ubuntu/maverick] sun-java6 6.22-0ubuntu1~10.10 (Accepted)

Matthias Klose doko at ubuntu.com
Tue Oct 19 03:50:43 BST 2010 

sun-java6 (6.22-0ubuntu1~10.10) maverick; urgency=low

  * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
    - (CVE-2010-3556): JDK unspecified vulnerability in 2D component
    - (CVE-2010-3562): JDK IndexColorModel double-free
    - (CVE-2010-3565): JDK JPEG writeImage remote code execution
    - (CVE-2010-3566): JDK ICC Profile remote code execution
    - (CVE-2010-3567): Crash in ICU Opentype layout engine due to mismatch in
                       character counts
    - (CVE-2010-3571): JDK unspecified vulnerability in 2D component
    - (CVE-2010-3554): JDK corba reflection vulnerabilities
    - (CVE-2010-3563): JDK unspecified vulnerability in Deployment component
    - (CVE-2010-3568): JDK Deserialization Race condition
    - (CVE-2010-3569): JDK Serialization inconsistencies
    - (CVE-2010-3558): JDK unspecified vulnerability in Java Web Start component
    - (CVE-2010-3552): JDK unspecified vulnerability in New Java Plugin
                       component
    - (CVE-2010-3559): JDK unspecified vulnerability in Sound component
    - (CVE-2010-3572): JDK unspecified vulnerability in Sound component
    - (CVE-2010-3553): UIDefault.ProxyLazyValue has unsafe reflection usage
    - (CVE-2010-3555): JDK unspecified vulnerability in Deployment component
    - (CVE-2010-3550): JDK unspecified vulnerability in Java Web Start component
    - (CVE-2010-3570): JDK unspecified vulnerability in Deployment Toolkit
    - (CVE-2010-3561): Privileged ServerSocket.accept allows receiving
                       connections from any host
    - (CVE-2009-3555): TLS: MITM attacks via session renegotiation
    - (CVE-2010-1321): krb5: null pointer dereference in GSS-API library leads
                       to DoS
    - (CVE-2010-3549): HttpURLConnection chunked encoding issue (Http request
                       splitting)
    - (CVE-2010-3557): JDK Swing mutable static
    - (CVE-2010-3541): limit setting of some request headers in
                       HttpURLConnection
    - (CVE-2010-3573): limit HTTP request cookie headers in HttpURLConnection
    - (CVE-2010-3574): limit use of TRACE method in HttpURLConnection
    - (CVE-2010-3548): JDK DNS server IP address information leak
    - (CVE-2010-3551): NetworkInterface reveals local network address to
                       untrusted code
    - (CVE-2010-3560): JDK unspecified vulnerability in Networking component

Date: Fri, 15 Oct 2010 16:05:20 +0200
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Signed-By: Matthias Klose <matthias.klose at canonical.com>
https://launchpad.net/ubuntu/maverick/+source/sun-java6/6.22-0ubuntu1~10.10
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 15 Oct 2010 16:05:20 +0200
Source: sun-java6
Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-javadb
Architecture: source
Version: 6.22-0ubuntu1~10.10
Distribution: maverick
Urgency: low
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Matthias Klose <doko at ubuntu.com>
Description: 
 ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit)
 ia32-sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 (32-bit)
 sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent
 sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples
 sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE)
 sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby
 sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6
 sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen
 sun-java6-plugin - The Java(TM) Plug-in, Java SE 6
 sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files
Changes: 
 sun-java6 (6.22-0ubuntu1~10.10) maverick; urgency=low
 .
   * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
     - (CVE-2010-3556): JDK unspecified vulnerability in 2D component
     - (CVE-2010-3562): JDK IndexColorModel double-free
     - (CVE-2010-3565): JDK JPEG writeImage remote code execution
     - (CVE-2010-3566): JDK ICC Profile remote code execution
     - (CVE-2010-3567): Crash in ICU Opentype layout engine due to mismatch in
                        character counts
     - (CVE-2010-3571): JDK unspecified vulnerability in 2D component
     - (CVE-2010-3554): JDK corba reflection vulnerabilities
     - (CVE-2010-3563): JDK unspecified vulnerability in Deployment component
     - (CVE-2010-3568): JDK Deserialization Race condition
     - (CVE-2010-3569): JDK Serialization inconsistencies
     - (CVE-2010-3558): JDK unspecified vulnerability in Java Web Start component
     - (CVE-2010-3552): JDK unspecified vulnerability in New Java Plugin
                        component
     - (CVE-2010-3559): JDK unspecified vulnerability in Sound component
     - (CVE-2010-3572): JDK unspecified vulnerability in Sound component
     - (CVE-2010-3553): UIDefault.ProxyLazyValue has unsafe reflection usage
     - (CVE-2010-3555): JDK unspecified vulnerability in Deployment component
     - (CVE-2010-3550): JDK unspecified vulnerability in Java Web Start component
     - (CVE-2010-3570): JDK unspecified vulnerability in Deployment Toolkit
     - (CVE-2010-3561): Privileged ServerSocket.accept allows receiving
                        connections from any host
     - (CVE-2009-3555): TLS: MITM attacks via session renegotiation
     - (CVE-2010-1321): krb5: null pointer dereference in GSS-API library leads
                        to DoS
     - (CVE-2010-3549): HttpURLConnection chunked encoding issue (Http request
                        splitting)
     - (CVE-2010-3557): JDK Swing mutable static
     - (CVE-2010-3541): limit setting of some request headers in
                        HttpURLConnection
     - (CVE-2010-3573): limit HTTP request cookie headers in HttpURLConnection
     - (CVE-2010-3574): limit use of TRACE method in HttpURLConnection
     - (CVE-2010-3548): JDK DNS server IP address information leak
     - (CVE-2010-3551): NetworkInterface reveals local network address to
                        untrusted code
     - (CVE-2010-3560): JDK unspecified vulnerability in Networking component
Checksums-Sha1: 
 a5ab8bfc47efdc5a0ba3984ec07105e68485d97e 1714 sun-java6_6.22-0ubuntu1~10.10.dsc
 d6f0032323ed0bd7fc00d86776920a48bebe84ba 165194956 sun-java6_6.22.orig.tar.gz
 0ec1544329ff5654bda0b0b95386694ae6feb2c7 87610 sun-java6_6.22-0ubuntu1~10.10.debian.tar.gz
Checksums-Sha256: 
 a25e2bec7e3f07bed9b8799a6ee69f08aa6441ee56f5edae9e15782f978d0d4b 1714 sun-java6_6.22-0ubuntu1~10.10.dsc
 6c144a6524cb811ab4fa67ea857474d231c77222088166660b3957ed6dc1678c 165194956 sun-java6_6.22.orig.tar.gz
 a4174ae31b6d561399ca82f9f9c233603be6b58d40da69a83f48b3b2a82c90be 87610 sun-java6_6.22-0ubuntu1~10.10.debian.tar.gz
Files: 
 977fa7ebd248dc8035ac0b143bf2c8e6 1714 partner/java optional sun-java6_6.22-0ubuntu1~10.10.dsc
 981bd97edf98849f108df9d3d40352bb 165194956 partner/java optional sun-java6_6.22.orig.tar.gz
 72dab8f4c9c3b559e0e97678edf79acd 87610 partner/java optional sun-java6_6.22-0ubuntu1~10.10.debian.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAky5de4ACgkQStlRaw+TLJzX2ACgpgQ89WKGaf8Hi+fhYTksWt1Y
79sAoIJnKsrnmJL8HioO/1FVqIRDufB7
=j/uN
-----END PGP SIGNATURE-----

More information about the Maverick-changes mailing list