Thu Nov 21 22:31:48 UTC 2013

openjdk-6 (6b27-1.12.6-1ubuntu0.12.10.4) quantal-security; urgency=low

  * SECURITY UPDATE: debian/patches/ubuntu-security-0001-e98b0ef70b26.patch:
    http://icedtea.classpath.org/hg/icedtea6/rev/e98b0ef70b26 and IcedTea
    - S8006900, CVE-2013-3829: Add new date/time capability
    - S8008589: Better MBean permission validation
    - S8011071, CVE-2013-5780: Better crypto provider handling
    - S8011081, CVE-2013-5772: Improve jhat
    - S8011157, CVE-2013-5814: Improve CORBA portability
    - S8012071, CVE-2013-5790: Better Building of Beans
    - S8012147: Improve tool support
    - S8012277, CVE-2013-5849: Improve AWT DataFlavor
    - S8012425, CVE-2013-5802: Transform TransformerFactory
    - S8013503, CVE-2013-5851: Improve stream factories
    - S8013506: Better Pack200 data handling
    - S8013510, CVE-2013-5809: Augment image writing code
    - S8013514: Improve stability of cmap class
    - S8013739, CVE-2013-5817: Better LDAP resource management
    - S8013744, CVE-2013-5783: Better tabling for AWT
    - S8014085: Better serialization support in JMX classes
    - S8014093, CVE-2013-5782: Improve parsing of images
    - S8014102, CVE-2013-5778: Improve image conversion
    - S8014341, CVE-2013-5803: Better service from Kerberos servers
    - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some
      class loader configurations
    - S8014530, CVE-2013-5825: Better digital signature processing
    - S8014534: Better profiling support
    - S8014987, CVE-2013-5842: Augment serialization handling
    - S8015731: Subject java.security.auth.subject to improvements
    - S8015743, CVE-2013-5774: Address internet addresses
    - S8016256: Make finalization final
    - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in
    - S8016675, CVE-2013-5797: Make Javadoc pages more robust
    - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately
    - S8017287, CVE-2013-5829: Better resource disposal
    - S8017291, CVE-2013-5830: Cast Proxies Aside
    - S8017298, CVE-2013-4002: Better XML support
    - S8017300, CVE-2013-5784: Improve Interface Implementation
    - S8017505, CVE-2013-5820: Better Client Service
    - S8019292: Better Attribute Value Exceptions
    - S8019617: Better view of objects
    - S8020293: JVM crash
    - S8021290, CVE-2013-5823: Better signature validation
    - S8022940: Enhance CORBA translations
    - S8023683: Enhance class file parsing
  * Add the following from IcedTea 1.11.4 that were included in the
    Makefile.am update in e98b0ef70b26 but missing from the commit:
    - 7196533-timezone_bottleneck.patch
    - 8002070-remove_logger_stack_search.patch
    - 8010118-caller_sensitive.patch
    - oj6-19-fix_8010118_test_cases.patch
    - 8011990-logger_test_urls.patch
    - 8013380-logger_stack_walk_glassfish.patch
    - 8014745-logger_stack_walk_switch.patch
    - 8012243-serial_regression.patch
    - 8011139-revise_checking_getenclosingclass.patch
    Do not apply the following in Makefile.am:
    - 7182135-impossible_to_use_some_editors_directly.patch: applied elsewhere
    - 8015614-update_build.patch: not supplied (MS only)
    - 8023457-tracing_mutex.patch: code not present (Stacktrace_lock)
    - 8020943-memory_leak.patch: code not present (gcNotifier.cpp)
    - 8023478-hs_crash.patch: code not present (gcNotifier.cpp)
    The following patches update javap for added functionality and
    non-security bug fixes but cause testsuite regressions. Ship the patches,
    but don't apply them in Makefile.am for now. These may be reenabled in a
    future update once the testsuite issues are resolved:
    - 4075303-javap_update.patch
    - 4111861-static_fields.patch
    - 4501661-disallow_mixing.patch
    - 4884240-javap_additional_option.patch
    - 6708729-javap_makefile_update.patch
    - 6715767-javap_crash.patch
    - 6819246-javap_instruction_decoding.patch
    - 6824493-experimental.patch
    - 6843013-missing_experimental.patch
    - 6852856-javap_subclasses.patch
    - 6867671-javap_whitespace.patch
    - 6868539-constant_pool_tags.patch
    - 6902264-fix_indentation.patch
    - 6708729-javap_makefile_update.patch
    - 6841420-classfile_methods.patch
    - 6841419-classfile_iterator.patch
    In addition to the above:
    - [UBUNTU]: refresh patches/openjdk/8024914-swapped_usage.patch
  * debian/patches/atk-wrapper-security.patch: refresh for the above
  * debian/patches/ubuntu-security-0002-update-use-idx_t.patch: refresh
    patches/use-idx_t.patch for the above
  * debian/patches/ubuntu-security-0003-update-7162902-corba_fixes.patch:
    refresh patches/openjdk/7162902-corba_fixes.patch for the above
  * debian/patches/ubuntu-security-9999-Makefile.in.patch: updated for changes
    to Makefile.am in ubuntu-security-0001-e98b0ef70b26.patch
  * debian/rules: adjust so that debian/patches/ubuntu-security-NNNN- are
    automatically applied before running configure
    - add ubuntu-security and stamps/ubuntu-security-stamp targets to apply
      patches in debian/patches/ubuntu-security-*
    - have stamps/icedtea-configure depend on stamps/ubuntu-security-stamp
    - adjust debian-clean to unapply ubuntu-security patches

