[ubuntu/precise-security] openjdk-7 7u121-2.6.8-1ubuntu0.12.04.1 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu Nov 17 18:50:23 UTC 2016

openjdk-7 (7u121-2.6.8-1ubuntu0.12.04.1) precise-security; urgency=medium

  * Backport to Ubuntu 12.04.

openjdk-7 (7u121-2.6.8-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Backport to Ubuntu 14.04.
  * IcedTea release 2.6.8 (based on 7u121):
  * Security fixes
    - S8151921: Improved page resolution
    - S8155968: Update command line options
    - S8155973, CVE-2016-5542: Tighten jar checks
    - S8157176: Improved classfile parsing
    - S8157739, CVE-2016-5554: Classloader Consistency Checking
    - S8157749: Improve handling of DNS error replies
    - S8157753: Audio replay enhancement
    - S8157759: LCMS Transform Sampling Enhancement
    - S8157764: Better handling of interpolation plugins
    - S8158302: Handle contextual glyph substitutions
    - S8158993, CVE-2016-5568: Service Menu services
    - S8159495: Fix index offsets
    - S8159503: Amend Annotation Actions
    - S8159511: Stack map validation
    - S8159515: Improve indy validation
    - S8159519, CVE-2016-5573: Reformat JDWP messages
    - S8160090: Better signature handling in pack200
    - S8160094: Improve pack200 layout
    - S8160098: Clean up color profiles
    - S8160591, CVE-2016-5582: Improve internal array handling
    - S8160838, CVE-2016-5597: Better HTTP service
    - PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read()

openjdk-7 (7u121-2.6.8-1) experimental; urgency=medium

  * IcedTea release 2.6.8 (based on 7u121):

openjdk-7 (7u111-2.6.7-3) experimental; urgency=medium

  [ Tiago Stürmer Daitx ]
  * Don't use precompiled header files on arm64.
  * Update the sec-webrev-8u111-S8159503.hotspot patch.

openjdk-7 (7u111-2.6.7-2) experimental; urgency=medium

  [ Tiago Stürmer Daitx ]
  * Backported security fixes from 8u111:
    - CVE-2016-5568, S8158993: Service Menu services.
    - CVE-2016-5582, S8160591: Improve internal array handling.
    - CVE-2016-5573, S8159519: Reformat JDWP messages.
    - CVE-2016-5597, S8160838: Better HTTP service.
    - CVE-2016-5554, S8157739: Classloader Consistency Checking.
    - CVE-2016-5542, S8155973: Tighten jar checks.
  * debian/rules:
    - removed lcms version 1 option as no current release uses that, lcms2
      is now default.
    - removed in-tree/system lcms selection to always use system's lcms.
    - removed all cacao references except for the transitional cacao package.
    - updated jtreg tests to use othervm.
    - simplified rhino and libcups dependency selection.
  * debian/buildwatch.sh: updated to stop it if no 'make' process is running,
    as it probably means that the build failed - otherwise buildwatch keeps
    the builder alive until it exits after the timer (3 hours by default)
  * debian/control.in: removed cacao references.
  * debian/README.source: removed cacao references.
  * debian/patches/cacao-armv4.diff: deleted file.
  * Makefile.am: remove -samevm
  * debian/patches/it-jamvm-8158260-unsafe-methods.patch: fix JAMVM
    after the introduction of two new Unsafe methods in the OpenJDK
    hotspot. Closes: #833933. (LP: #1611598)

  [ Matthias Klose ]
  * Fix building the -dbg package depending on the debhelper level.

openjdk-7 (7u111-2.6.7-1) experimental; urgency=medium

  [ Matthias Klose ]
  * Fix handling of /usr/lib/jvm/*/jre/lib/zi if internal tzdata is used
    (Andreas Beckmann). Closes: #821858.
  * Add missing includes for aarch64 hotspot backport (building without pch).
  * Use in-tree lcms for backports.

  [ Tiago Stürmer Daitx ]
  * IcedTea release 2.6.7 (based on 7u111):
  * Security fixes
    - S8079718, CVE-2016-3458: IIOP Input Stream Hooking
    - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only)
    - S8147771: Construction of static protection domains under Javax
      custom policy
    - S8148872, CVE-2016-3500: Complete name checking
    - S8149962, CVE-2016-3508: Better delineation of XML processing
    - S8150752: Share Class Data
    - S8151925: Font reference improvements
    - S8152479, CVE-2016-3550: Coded byte streams
    - S8155981, CVE-2016-3606: Bolster bytecode verification
    - S8155985, CVE-2016-3598: Persistent Parameter Processing
    - S8158571, CVE-2016-3610: Additional method handle validation
  * debian/rules:
    - Create symbolic link in source package (thanks Avinash).
      Closes: #832720.
  * debian/JB-jre-headless.prerm.in: check for /var/lib/binfmts/jar
    instead of /var/lib/binfmts/@basename@ before removing jar entry
    from binfmts. Closes: #821146.

Date: 2016-11-16 00:05:14.575863+00:00
Changed-By: Tiago Stürmer Daitx <tiago.daitx at canonical.com>
Maintainer: OpenJDK <openjdk at lists.launchpad.net>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list