[ubuntu/oneiric-updates] openjdk-7 7u15-2.3.7-0ubuntu1~11.10 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Feb 21 23:29:29 UTC 2013

openjdk-7 (7u15-2.3.7-0ubuntu1~11.10) oneiric-security; urgency=low

  * Build for oneiric.

openjdk-7 (7u15-2.3.7-1) experimental; urgency=low

  * IcedTea7 2.3.7 release.
  * Security fixes:
    - S8004937, CVE-2013-1484: Improve proxy construction.
    - S8006439, CVE-2013-1485: Improve MethodHandles coverage.
    - S8006446, CVE-2013-1486: Restrict MBeanServer access.
    - S8006777, CVE-2013-0169: Improve TLS handling of invalid messages.
    - S8007688: Blacklist known bad certificate.
  * Backports:
    - S8007393: Possible race condition after JDK-6664509.
    - S8007611: logging behavior in applet changed.
  * For zero builds, use the same hotspot version as in 2.1.6.
  * Reenable bootstrap builds, except for alpha.
  * Explicitly disable building on mips/mipsel.  Not supported by the
    Debian OpenJDK maintainers, the Debian mips porters, or the Debian
    Java team.

openjdk-7 (7u13-2.3.6-1) experimental; urgency=low

  * IcedTea7 2.3.6 release.
    - Disable bootstrap builds, currently broken in IcedTea.
  * Security fixes:
    - S6563318, CVE-2013-0424: RMI data sanitization.
    - S6664509, CVE-2013-0425: Add logging context.
    - S6664528, CVE-2013-0426: Find log level matching its name or value given
      at construction time.
    - S6776941: CVE-2013-0427: Improve thread pool shutdown.
    - S7141694, CVE-2013-0429: Improving CORBA internals.
    - S7173145: Improve in-memory representation of splashscreens.
    - S7186945: Unpack200 improvement.
    - S7186946: Refine unpacker resource usage.
    - S7186948: Improve Swing data validation.
    - S7186952, CVE-2013-0432: Improve clipboard access.
    - S7186954: Improve connection performance.
    - S7186957: Improve Pack200 data validation.
    - S7192392, CVE-2013-0443: Better validation of client keys.
    - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages.
    - S7192977, CVE-2013-0442: Issue in toolkit thread.
    - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies.
    - S7200491: Tighten up JTable layout code.
    - S7200500: Launcher better input validation.
    - S7201064: Better dialogue checking.
    - S7201066, CVE-2013-0441: Change modifiers on unused fields.
    - S7201068, CVE-2013-0435: Better handling of UI elements.
    - S7201070: Serialization to conform to protocol.
    - S7201071, CVE-2013-0433: InetSocketAddress serialization issue.
    - S8000210: Improve JarFile code quality.
    - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class.
    - S8000540, CVE-2013-1475: Improve IIOP type reuse management.
    - S8000631, CVE-2013-1476: Restrict access to class constructor.
    - S8001235, CVE-2013-0434: Improve JAXP HTTP handling.
    - S8001242: Improve RMI HTTP conformance.
    - S8001307: Modify ACC_SUPER behavior.
    - S8001972, CVE-2013-1478: Improve image processing.
    - S8002325, CVE-2013-1480: Improve management of images.
  * Fix font suggestion for indic fonts in wheezy.
  * Fix fontconfig definitions for japanese and korean fonts, fixing
    compilation of the fontconfig file.
  * Add Built-Using: rhino attribute for the -lib package.
  * Don't use concurrent features to rewrite the rhino jar file.
  * Enable class data sharing for the hotspot server VM.

Date: 2013-02-20 23:45:14.268780+00:00
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: OpenJDK <openjdk at lists.launchpad.net>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Oneiric-changes mailing list