[ubuntu/precise] openjdk-6 6b23~pre11-0ubuntu1 (Accepted)

Matthias Klose doko at ubuntu.com
Wed Oct 19 16:35:38 UTC 2011


openjdk-6 (6b23~pre11-0ubuntu1) precise; urgency=low

  * Update from the IcedTea6 branch (20111019).
    - Security fixes:
      - S7000600, CVE-2011-3547: InputStream skip() information leak.
      - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
      - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
      - S7032417, CVE-2011-3552: excessive default UDP socket limit under
        SecurityManager.
      - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
      - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
        engine.
      - S7055902, CVE-2011-3521: IIOP deserialization code execution.
      - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
        error checks.
      - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
        against SSL/TLS (BEAST).
      - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
        PorterStemmer.
      - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
      - S7083012, CVE-2011-3557: RMI registry privileged code execution.
      - S7096936, CVE-2011-3560: missing checkSetFactory calls in
        HttpsURLConnection.
    - Update JamVM.
      - Implement classlibCheckIfOnLoad().
      - Make thread states JVMTI compatible.
      - Handle 'g' when specifying memory + extra checks.
      - Make command line compatibility options table-driven.
    - Update CACAO.

Date: Wed, 19 Oct 2011 18:03:26 +0200
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
https://launchpad.net/ubuntu/precise/+source/openjdk-6/6b23~pre11-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 19 Oct 2011 18:03:26 +0200
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea-6-jre-cacao icedtea-6-jre-jamvm openjdk-6-jre-zero
Architecture: source
Version: 6b23~pre11-0ubuntu1
Distribution: precise
Urgency: low
Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
Changed-By: Matthias Klose <doko at ubuntu.com>
Description: 
 icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao
 icedtea-6-jre-jamvm - Alternative JVM for OpenJDK, using JamVM
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes: 
 openjdk-6 (6b23~pre11-0ubuntu1) precise; urgency=low
 .
   * Update from the IcedTea6 branch (20111019).
     - Security fixes:
       - S7000600, CVE-2011-3547: InputStream skip() information leak.
       - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
       - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
       - S7032417, CVE-2011-3552: excessive default UDP socket limit under
         SecurityManager.
       - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
       - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
         engine.
       - S7055902, CVE-2011-3521: IIOP deserialization code execution.
       - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
         error checks.
       - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
         against SSL/TLS (BEAST).
       - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
         PorterStemmer.
       - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
       - S7083012, CVE-2011-3557: RMI registry privileged code execution.
       - S7096936, CVE-2011-3560: missing checkSetFactory calls in
         HttpsURLConnection.
     - Update JamVM.
       - Implement classlibCheckIfOnLoad().
       - Make thread states JVMTI compatible.
       - Handle 'g' when specifying memory + extra checks.
       - Make command line compatibility options table-driven.
     - Update CACAO.
Checksums-Sha1: 
 1aa80d45af244ea8ae593a162af0ac7bdccd44a0 2528 openjdk-6_6b23~pre11-0ubuntu1.dsc
 fda896ea62ab7389f283d42a91d1e105fdad9c18 66658463 openjdk-6_6b23~pre11.orig.tar.gz
 1c7e9fe2f72a69f405cf091e5b421759fb77b483 138662 openjdk-6_6b23~pre11-0ubuntu1.diff.gz
Checksums-Sha256: 
 db8c392205c169d2899c03f382ff51bc5c4489cae8a1be4a500fbfea9d076c8c 2528 openjdk-6_6b23~pre11-0ubuntu1.dsc
 aa1505ea0dfb1eb522152351821d4e29f30f3a8a02e802cba08256f4a174dfcd 66658463 openjdk-6_6b23~pre11.orig.tar.gz
 ffffc01d49e9155f11362b8a1c8a5e7798e0e6365f64821d8b7e6b519139b5f1 138662 openjdk-6_6b23~pre11-0ubuntu1.diff.gz
Files: 
 22b83963dbe8656fb94e1425915b68ac 2528 java optional openjdk-6_6b23~pre11-0ubuntu1.dsc
 b6a8ead27dc63b15d0be6ef645367e0b 66658463 java optional openjdk-6_6b23~pre11.orig.tar.gz
 51bbb2f1da7a0be3cd0159af54ad6475 138662 java optional openjdk-6_6b23~pre11-0ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6e+ysACgkQStlRaw+TLJyHGgCeLvQ+kt2lgUIaPQflovtYyvFY
qQUAoKJFrvJ/xb/rDsunWaUb4ac0ai6t
=/5+/
-----END PGP SIGNATURE-----


More information about the Precise-changes mailing list