[ubuntu/precise-security] openjdk-6 6b41-1.13.13-0ubuntu0.12.04.1 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu Feb 16 02:15:56 UTC 2017
openjdk-6 (6b41-1.13.13-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Backport to Ubuntu 12.04.

openjdk-6 (6b41-1.13.13-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * IcedTea 1.13.12 release.
  * Security fixes backported from 8u121:
    - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
      extraneous bytes added to them whereas the signature is supposed to be
      unique.
    - S8166988, CVE-2017-3253: The PNG specification allows the [iz]Txt
      sections to be 2^32-1 bytes long so these should not be uncompressed
      unless the user explicitly requests it.
    - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
      leak information about k.
    - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
      deserialize responses from an LDAP server when an LDAP context is
      expected.
    - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
      users or external applications would interpret them leading to possible
      security issues.
    - S8164147, CVE-2017-3261: An integer overflow exists in
      SocketOutputStream which can lead to memory disclosure.
    - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
      dispatch HTTP GET requests where the invoker does not have permission.
    - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
      long running sessions are allowed.
    - S8165344, CVE-2017-3272: A protected field can be leveraged into type
      confusion.
    - S8156802, CVE-2017-3241: RMI deserialization should limit the types
      deserialized to prevent attacks that could escape the sandbox.
  * debian/patches/it-add-cpp-flags.patch: refreshed.
  * debian/patches/it-jamvm-2.0.0.patch: refreshed.
  * debian/patches/it-emacs-mode.patch: refreshed.
  * debian/patches/hotspot-disable-arm32-jit.diff: removed, ARM32 JIT is now
    disabled by default on icedtea.
  * debian/patches/zero-missing-headers.diff: removed, fix applied upstream.
  * debian/repack: fix jamvm url.

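The CVE-2016-5546 entry above describes a decoder that accepted ECDSA signatures carrying extra bytes, so one (r, s) pair had several accepted byte strings. The Python below is an added example, not code from the openjdk-6 package or from IcedTea: a strict DER decoder for the SEQUENCE { INTEGER r, INTEGER s } signature format that rejects trailing data, non-minimal lengths and padded integers, beside a deliberately lenient decoder that shows the defect class (it ignores the declared length and trailing bytes). All function names and sample values are constructed for the example.

```python
"""Strict DER decoding of ECDSA signatures: SEQUENCE { INTEGER r, INTEGER s }.

Added example, not code from openjdk-6 or IcedTea. DER gives every value
exactly one encoding; a strict decoder enforces that, so a signature with
appended or padded bytes is rejected instead of verifying a second time.
"""


class DerError(ValueError):
    """Raised when the input is not strict, canonical DER."""


def _read_length(buf: bytes, pos: int):
    """Decode a DER length at buf[pos]; return (length, next_pos).

    DER allows only the shortest form: one byte below 128, otherwise the
    long form with no leading zero bytes.
    """
    if pos >= len(buf):
        raise DerError("truncated length")
    first, pos = buf[pos], pos + 1
    if first < 0x80:
        return first, pos
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4:  # indefinite form or absurd size: not DER
        raise DerError("bad long-form length")
    raw = buf[pos:pos + nbytes]
    if len(raw) != nbytes or raw[0] == 0:
        raise DerError("truncated or non-minimal length")
    length = int.from_bytes(raw, "big")
    if length < 0x80:
        raise DerError("long form used where short form is required")
    return length, pos + nbytes


def _read_integer(buf: bytes, pos: int):
    """Decode a non-negative, minimally encoded INTEGER; return (value, next_pos)."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise DerError("expected INTEGER tag")
    length, pos = _read_length(buf, pos + 1)
    body = buf[pos:pos + length]
    if length == 0 or len(body) != length:
        raise DerError("bad INTEGER length")
    if body[0] & 0x80:
        raise DerError("negative INTEGER is not a valid r or s")
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        raise DerError("non-minimal INTEGER encoding (redundant leading zero)")
    return int.from_bytes(body, "big"), pos + length


def parse_ecdsa_signature(sig: bytes):
    """Return (r, s) only if sig is exactly one strict-DER signature.

    Every byte must be accounted for: the SEQUENCE length has to cover the
    whole input and the two INTEGERs have to fill the SEQUENCE exactly.
    """
    if len(sig) < 2 or sig[0] != 0x30:
        raise DerError("expected SEQUENCE tag")
    seq_len, pos = _read_length(sig, 1)
    if pos + seq_len != len(sig):
        raise DerError("SEQUENCE length does not match input length")
    r, pos = _read_integer(sig, pos)
    s, pos = _read_integer(sig, pos)
    if pos != len(sig):
        raise DerError("unexpected bytes after s")
    if r == 0 or s == 0:
        raise DerError("r and s must be non-zero")
    return r, s


def is_strict_der(sig: bytes) -> bool:
    """True only for the single canonical encoding of a signature."""
    try:
        parse_ecdsa_signature(sig)
        return True
    except DerError:
        return False


def lenient_parse(sig: bytes):
    """Deliberately lenient decoder, kept only to show the defect class.

    It never checks the declared SEQUENCE length and ignores whatever follows
    s, so sig, sig + b"\\x00" and sig + b"junk" all decode to the same (r, s).
    """
    if not sig or sig[0] != 0x30:
        raise DerError("expected SEQUENCE tag")
    _, pos = _read_length(sig, 1)   # declared length is never compared
    r, pos = _read_integer(sig, pos)
    s, _ = _read_integer(sig, pos)  # trailing data silently accepted
    return r, s


def _der_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _der_integer(v: int) -> bytes:
    body = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:  # leading zero keeps the value positive
        body = b"\x00" + body
    return b"\x02" + _der_length(len(body)) + body


def encode_ecdsa_signature(r: int, s: int) -> bytes:
    """Produce the one canonical DER encoding of (r, s)."""
    body = _der_integer(r) + _der_integer(s)
    return b"\x30" + _der_length(len(body)) + body


if __name__ == "__main__":
    # Constructed sample values, not a real signature over any message.
    good = encode_ecdsa_signature((1 << 255) + 12345, 0x1F)
    for label, variant in (("canonical", good), ("trailing NUL", good + b"\x00")):
        print(f"{label:13} strict={is_strict_der(variant)} lenient={lenient_parse(variant)[1]}")
```

A verifier built on `parse_ecdsa_signature` rejects every variant of a signature except its canonical bytes, which is the property the fix restores; the lenient decoder is the shape to look for when reviewing signature-handling code.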
openjdk-6 (6b40-1.13.12-0ubuntu0.14.04.3) trusty-security; urgency=medium

  * Backported security fixes from 8u111:
    - CVE-2016-5582, S8160591: Improve internal array handling.
    - CVE-2016-5573, S8159519: Reformat JDWP messages.
    - CVE-2016-5597, S8160838: Better HTTP service.
    - CVE-2016-5554, S8157739: Classloader Consistency Checking.
    - CVE-2016-5542, S8155973: Tighten jar checks.

openjdk-6 (6b40-1.13.12-0ubuntu0.14.04.2) trusty-security; urgency=medium

  * Disable precompiled header for arm64 (LP: #1617379)
    - debian/rules: replace DISABLE_PRECOMPILED_HEADER=1 with
      USE_PRECOMPILED_HEADER=0 and apply no-pch-build.diff as
      well as zero-missing-headers.diff
    - debian/patches/no-pch-build.diff: include missing psOldGen.hpp to
      various headers
    - debian/patches/zero-missing-headers.diff: missing headers for zero
  * Create watch file for package updates
    - debian/watch: fetch newest icedtea and call debian/repack
    - debian/repack: unpack icedtea tarball, parse the Makefile.am,
      download the right version of openjdk-6-src/cacao/jamvm, repack
  * debian/rules:
    - extract OPENJDK_VERSION from changelog
    - remove dependency on OPENJDK_SRC_ZIP and use OPENJDK_VERSION to
      select the right tarball
    - remove hs20 hotspot rules as we are only relying on "original"
    - call autogen.sh during the build and remove auto-generated files
  * Updated source format to 3.0 (quilt)
    - patches/it-add-cpp-flags.patch: added.
    - patches/it-automake-1.11.patch: added.
    - patches/it-emacs-mode.patch: added.
    - patches/it-enable-aarch64.patch: added.
    - patches/it-jamvm-2.0.0.patch: added.
    - patches/icedtea-patch.diff: removed.

openjdk-6 (6b40-1.13.12-0ubuntu0.14.04.1) trusty-security; urgency=low

  * IcedTea 1.13.12 release.
  * Security fixes
    - S8079718, CVE-2016-3458: IIOP Input Stream Hooking
    - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only)
    - S8147771: Construction of static protection domains under Javax
      custom policy
    - S8148872, CVE-2016-3500: Complete name checking
    - S8149962, CVE-2016-3508: Better delineation of XML processing
    - S8150752: Share Class Data
    - S8151925: Font reference improvements
    - S8152479, CVE-2016-3550: Coded byte streams
    - S8155981, CVE-2016-3606: Bolster bytecode verification
  * icedtea-patch.diff: updated to use new build variables; removed ecj
    override as it is applied upstream
  * debian/patches/icedtea-pretend-memory.diff: updated patch to reflect
    changes in openjdk-6
  * debian/rules: disable headers for arm64; updated to use new
    openjdk-6-6b40 tarball

Date: 2017-02-14 02:32:13.278648+00:00
Changed-By: Tiago Stürmer Daitx <tiago.daitx at canonical.com>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/openjdk-6/6b41-1.13.13-0ubuntu0.12.04.1