[ubuntu/maverick-security] openjdk-6b18 6b18-1.8.10-0ubuntu1~10.10.2 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Wed Nov 16 00:10:06 UTC 2011 

openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.10.2) maverick-security; urgency=low

  * SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw
    - debian/patches/SOP-bypass-icedtea6-1.8.patch: Remove special
      case for SocketPermission.
    - CVE-2011-3377
    - Applied inline due to needing to apply patches only once for netx,
      not for every vm build.

openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: IcedTea6 1.8.10 release (LP: #878684)
    - security fixes:
      - S7000600, CVE-2011-3547: InputStream skip() information leak
      - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
      - S7023640, CVE-2011-3551: Java2D TransformHelper integer
        overflow
      - S7032417, CVE-2011-3552: excessive default UDP socket limit
        under SecurityManager
      - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
      - S7046823, CVE-2011-3544: missing SecurityManager checks in
        scripting engine
      - S7055902, CVE-2011-3521: IIOP deserialization code execution
      - S7057857, CVE-2011-3554: insufficient pack200 JAR files
        uncompress error checks
      - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext
        attack against SSL/TLS (BEAST)
      - S7077466, CVE-2011-3556: RMI DGC server remote code execution
      - S7083012, CVE-2011-3557: RMI registry privileged code execution
      - S7096936, CVE-2011-3560: missing checkSetFactory calls in
        HttpsURLConnection
    - unapplied previous updates inline changes as they were
      incorporated upstream; remaining changes in Makefile.{in,am} and
      ports/hotspot/make/linux/makefiles/zeroshark.make

Date: Tue, 08 Nov 2011 02:44:14 -0800
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.2
-------------- next part --------------
Format: 1.8
Date: Tue, 08 Nov 2011 02:44:14 -0800
Source: openjdk-6b18
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-demo openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero
Architecture: source
Version: 6b18-1.8.10-0ubuntu1~10.10.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
Launchpad-Bugs-Fixed: 878684
Changes: 
 openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.10.2) maverick-security; urgency=low
 .
   * SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw
     - debian/patches/SOP-bypass-icedtea6-1.8.patch: Remove special
       case for SocketPermission.
     - CVE-2011-3377
     - Applied inline due to needing to apply patches only once for netx,
       not for every vm build.
 .
 openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.10.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: IcedTea6 1.8.10 release (LP: #878684)
     - security fixes:
       - S7000600, CVE-2011-3547: InputStream skip() information leak
       - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
       - S7023640, CVE-2011-3551: Java2D TransformHelper integer
         overflow
       - S7032417, CVE-2011-3552: excessive default UDP socket limit
         under SecurityManager
       - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
       - S7046823, CVE-2011-3544: missing SecurityManager checks in
         scripting engine
       - S7055902, CVE-2011-3521: IIOP deserialization code execution
       - S7057857, CVE-2011-3554: insufficient pack200 JAR files
         uncompress error checks
       - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext
         attack against SSL/TLS (BEAST)
       - S7077466, CVE-2011-3556: RMI DGC server remote code execution
       - S7083012, CVE-2011-3557: RMI registry privileged code execution
       - S7096936, CVE-2011-3560: missing checkSetFactory calls in
         HttpsURLConnection
     - unapplied previous updates inline changes as they were
       incorporated upstream; remaining changes in Makefile.{in,am} and
       ports/hotspot/make/linux/makefiles/zeroshark.make
Checksums-Sha1: 
 25e7e5f89478d4508ad494b889700209a73a2ed1 3125 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.10.2.dsc
 07bf5636544ed9a1d61455d6229045cd63deed4f 141597 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.10.2.diff.gz
Checksums-Sha256: 
 c4f1e01b5320a4f1bd22df28a427ebf57759be355c7b4746acf2abf6a9b751aa 3125 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.10.2.dsc
 c6093f8c40de73ede6b34a53276e0f566a39481acee28aa39541b9f1ee565a37 141597 openjdk-6b18_6b18-1.8.10-0ubuntu1~10.10.2.diff.gz
Files: 
 646936d4b1359ed9bc0ec86a6571a32d 3125 java optional openjdk-6b18_6b18-1.8.10-0ubuntu1~10.10.2.dsc
 e57399ae482cbcb0d15efe0195520584 141597 java optional openjdk-6b18_6b18-1.8.10-0ubuntu1~10.10.2.diff.gz
Original-Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>

More information about the Maverick-changes mailing list