[ubuntu/maverick-security] openjdk-6 6b20-1.9.10-0ubuntu1~10.10.2 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Wed Nov 16 00:08:52 UTC 2011 

openjdk-6 (6b20-1.9.10-0ubuntu1~10.10.2) maverick-security; urgency=low

  * SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw
    - debian/patches/SOP-bypass-icedtea6-1.9.patch: Remove special
      case for SocketPermission.
    - CVE-2011-3377
    - Applied inline due to needing to apply patches only once for netx,
      not for every vm

openjdk-6 (6b20-1.9.10-0ubuntu1~10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: IcedTea6 1.9.10 Release:
    - Security fixes:
      - S7000600, CVE-2011-3547: InputStream skip() information leak.
      - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
      - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
      - S7032417, CVE-2011-3552: excessive default UDP socket limit under
        SecurityManager.
      - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
      - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
        engine.
      - S7055902, CVE-2011-3521: IIOP deserialization code execution.
      - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
        error checks.
      - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
        against SSL/TLS (BEAST).
      - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
        PorterStemmer.
      - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
      - S7083012, CVE-2011-3557: RMI registry privileged code execution.
      - S7096936, CVE-2011-3560: missing checkSetFactory calls in
        HttpsURLConnection.

Date: Tue, 08 Nov 2011 12:24:08 -0800
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.2
-------------- next part --------------
Format: 1.8
Date: Tue, 08 Nov 2011 12:24:08 -0800
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b20-1.9.10-0ubuntu1~10.10.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes: 
 openjdk-6 (6b20-1.9.10-0ubuntu1~10.10.2) maverick-security; urgency=low
 .
   * SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw
     - debian/patches/SOP-bypass-icedtea6-1.9.patch: Remove special
       case for SocketPermission.
     - CVE-2011-3377
     - Applied inline due to needing to apply patches only once for netx,
       not for every vm
 .
 openjdk-6 (6b20-1.9.10-0ubuntu1~10.10.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: IcedTea6 1.9.10 Release:
     - Security fixes:
       - S7000600, CVE-2011-3547: InputStream skip() information leak.
       - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
       - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
       - S7032417, CVE-2011-3552: excessive default UDP socket limit under
         SecurityManager.
       - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
       - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
         engine.
       - S7055902, CVE-2011-3521: IIOP deserialization code execution.
       - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
         error checks.
       - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
         against SSL/TLS (BEAST).
       - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
         PorterStemmer.
       - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
       - S7083012, CVE-2011-3557: RMI registry privileged code execution.
       - S7096936, CVE-2011-3560: missing checkSetFactory calls in
         HttpsURLConnection.
Checksums-Sha1: 
 fbc458c8edf80fccfeac9573f40edb0e629ba395 3122 openjdk-6_6b20-1.9.10-0ubuntu1~10.10.2.dsc
 c529af1c4c8c2042cd83d191f39f03281a2386de 138883 openjdk-6_6b20-1.9.10-0ubuntu1~10.10.2.diff.gz
Checksums-Sha256: 
 3a769979c0286fc368482d6e749aa5071d5d490ce1beba7c6a03c1a517346067 3122 openjdk-6_6b20-1.9.10-0ubuntu1~10.10.2.dsc
 fa990cf0982aa7b5c0986e317d8d2d5245c2ff04637e0ae93f2bd3e8d7f76f6d 138883 openjdk-6_6b20-1.9.10-0ubuntu1~10.10.2.diff.gz
Files: 
 22795a87f555924472147d0ea69b7938 3122 java optional openjdk-6_6b20-1.9.10-0ubuntu1~10.10.2.dsc
 5eeaa5e60c6d9bb1ae3c37e114c13919 138883 java optional openjdk-6_6b20-1.9.10-0ubuntu1~10.10.2.diff.gz
Original-Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>

More information about the Maverick-changes mailing list