[ubuntu/natty-security] openjdk-6 6b22-1.10.4-0ubuntu1~11.04.1 (Accepted)

Matthias Klose doko at ubuntu.com
Wed Nov 16 00:07:14 UTC 2011 

openjdk-6 (6b22-1.10.4-0ubuntu1~11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: IcedTea6 1.10.4 Release:
    - Security fixes:
      - S7000600, CVE-2011-3547: InputStream skip() information leak.
      - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
      - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
      - S7032417, CVE-2011-3552: excessive default UDP socket limit under
        SecurityManager.
      - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
      - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
        engine.
      - S7055902, CVE-2011-3521: IIOP deserialization code execution.
      - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
        error checks.
      - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
        against SSL/TLS (BEAST).
      - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
        PorterStemmer.
      - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
      - S7083012, CVE-2011-3557: RMI registry privileged code execution.
      - S7096936, CVE-2011-3560: missing checkSetFactory calls in
        HttpsURLConnection.

Date: Sat, 22 Oct 2011 12:07:52 +0000
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/openjdk-6/6b22-1.10.4-0ubuntu1~11.04.1
-------------- next part --------------
Format: 1.8
Date: Sat, 22 Oct 2011 12:07:52 +0000
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea-6-jre-cacao icedtea-6-jre-jamvm openjdk-6-jre-zero
Architecture: source
Version: 6b22-1.10.4-0ubuntu1~11.04.1
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Matthias Klose <doko at ubuntu.com>
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea-6-jre-jamvm - Alternative JVM for OpenJDK, using JamVM
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes: 
 openjdk-6 (6b22-1.10.4-0ubuntu1~11.04.1) natty-security; urgency=low
 .
   * SECURITY UPDATE: IcedTea6 1.10.4 Release:
     - Security fixes:
       - S7000600, CVE-2011-3547: InputStream skip() information leak.
       - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
       - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
       - S7032417, CVE-2011-3552: excessive default UDP socket limit under
         SecurityManager.
       - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
       - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
         engine.
       - S7055902, CVE-2011-3521: IIOP deserialization code execution.
       - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
         error checks.
       - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
         against SSL/TLS (BEAST).
       - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
         PorterStemmer.
       - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
       - S7083012, CVE-2011-3557: RMI registry privileged code execution.
       - S7096936, CVE-2011-3560: missing checkSetFactory calls in
         HttpsURLConnection.
Checksums-Sha1: 
 f437358de4fd05d4806b87d951d124bead89982c 3082 openjdk-6_6b22-1.10.4-0ubuntu1~11.04.1.dsc
 6fc035825580418609fbe46316488b49f6a7d1e4 74288913 openjdk-6_6b22-1.10.4.orig.tar.gz
 0cde0e7a4221f599055575d30d2dcdb1bae258af 137886 openjdk-6_6b22-1.10.4-0ubuntu1~11.04.1.diff.gz
Checksums-Sha256: 
 2657b43c0565999fb63b3b22b3af7e5137130f310dba07b58b9ca36353a9ae45 3082 openjdk-6_6b22-1.10.4-0ubuntu1~11.04.1.dsc
 41cde43c5da16e317b5769f120bacf4eb07b58a40b8179ae17ad70927eaaf811 74288913 openjdk-6_6b22-1.10.4.orig.tar.gz
 ec2bf0bffc5902b86a33535f532f514d97c1dfd73f5c50a2eee1a1f3bfd8864c 137886 openjdk-6_6b22-1.10.4-0ubuntu1~11.04.1.diff.gz
Files: 
 b2bae67bc6fa4e463258eb343a9e17b1 3082 java optional openjdk-6_6b22-1.10.4-0ubuntu1~11.04.1.dsc
 528f753e3c09bfe2a494f728423f5388 74288913 java optional openjdk-6_6b22-1.10.4.orig.tar.gz
 7a4a586e94a351a947caf3aa1f58d410 137886 java optional openjdk-6_6b22-1.10.4-0ubuntu1~11.04.1.diff.gz
Original-Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>

More information about the Natty-changes mailing list