[ubuntu/trusty-security] openjdk-6 6b41-1.13.13-0ubuntu0.14.04.1 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu Feb 16 02:15:58 UTC 2017


openjdk-6 (6b41-1.13.13-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * IcedTea 1.13.12 release.
  * Security fixes backported from 8u121:
    - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
      extraneous bytes added to them whereas the signature is supposed to be
      unique.
    - S8166988, CVE-2017-3253: The PNG specification allows the [iz]Txt
      sections to be 2^32-1 bytes long so these should not be uncompressed
      unless the user explicitly requests it.
    - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
      leak information about k.
    - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
      deserialize responses from an LDAP server when an LDAP context is
      expected.
    - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
      users or external applications would interpret them leading to possible
      security issues.
    - S8164147, CVE-2017-3261: An integer overflow exists in
      SocketOutputStream which can lead to memory disclosure.
    - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
      dispatch HTTP GET requests where the invoker does not have permission.
    - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
      long running sessions are allowed.
    - S8165344, CVE-2017-3272: A protected field can be leveraged into type
      confusion.
    - S8156802, CVE-2017-3241: RMI deserialization should limit the types
      deserialized to prevent attacks that could escape the sandbox.
  * debian/patches/it-add-cpp-flags.patch: refreshed.
  * debian/patches/it-jamvm-2.0.0.patch: refreshed.
  * debian/patches/it-emacs-mode.patch: refreshed.
  * debian/patches/hotspot-disable-arm32-jit.diff: removed, ARM32 JIT is now
    disabled by default on icedtea.
  * debian/patches/zero-missing-headers.diff: removed, fix applied upstream.
  * debian/repack: fix jamvm url.

Date: 2017-02-14 02:32:24.029765+00:00
Changed-By: Tiago Stürmer Daitx <tiago.daitx at canonical.com>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/openjdk-6/6b41-1.13.13-0ubuntu0.14.04.1
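The first backported fix above, CVE-2016-5546, concerns ECDSA signatures that carry extra bytes yet still verify: a verifier that tolerates non-canonical DER accepts more than one encoding of the same (r, s) pair, so a signature is no longer unique. The following is an added example, not OpenJDK or IcedTea code, written in Python rather than Java for portability; it shows the strictness a verifier needs, rejecting trailing bytes, non-minimal lengths and non-minimal INTEGERs, with a few constructed sample signatures.

```python
"""Strict DER parsing of an ECDSA signature: SEQUENCE { INTEGER r, INTEGER s }.

Added example. Every byte of the input must belong to the canonical
encoding; anything extraneous (trailing data, padded lengths, leading
zero bytes) is rejected so that exactly one encoding maps to each (r, s).
"""


def _read_length(buf: bytes, pos: int):
    """Parse a DER length at buf[pos]; return (length, next_pos).

    Short form (< 0x80) is one byte. Long form must be minimal: used only
    for values >= 0x80, no leading zero length bytes, and never indefinite.
    """
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0 or n > 4:
        raise ValueError("indefinite or oversized length")
    if pos + n > len(buf):
        raise ValueError("truncated length")
    length = int.from_bytes(buf[pos:pos + n], "big")
    if length < 0x80 or buf[pos] == 0:
        raise ValueError("non-minimal length encoding")
    return length, pos + n


def _read_integer(buf: bytes, pos: int):
    """Parse a canonical, non-negative DER INTEGER at buf[pos]."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    length, pos = _read_length(buf, pos + 1)
    if length == 0 or pos + length > len(buf):
        raise ValueError("bad INTEGER length")
    body = buf[pos:pos + length]
    if body[0] & 0x80:
        raise ValueError("negative INTEGER not allowed for r/s")
    # A leading 0x00 is only permitted when needed to keep the value positive.
    if length > 1 and body[0] == 0 and not (body[1] & 0x80):
        raise ValueError("non-minimal INTEGER (redundant leading zero)")
    return int.from_bytes(body, "big"), pos + length


def parse_strict_ecdsa_signature(sig: bytes):
    """Return (r, s) if sig is exactly one canonical DER SEQUENCE of two
    INTEGERs, otherwise raise ValueError."""
    if not sig or sig[0] != 0x30:
        raise ValueError("expected SEQUENCE tag")
    seq_len, pos = _read_length(sig, 1)
    # The SEQUENCE must account for every remaining byte: no trailing data.
    if pos + seq_len != len(sig):
        raise ValueError("trailing or missing bytes after SEQUENCE")
    r, pos = _read_integer(sig, pos)
    s, pos = _read_integer(sig, pos)
    # Nothing may follow s inside the SEQUENCE either.
    if pos != len(sig):
        raise ValueError("extra bytes inside SEQUENCE")
    return r, s


def is_strict_der(sig: bytes) -> bool:
    """Convenience predicate: True only for a canonical encoding."""
    try:
        parse_strict_ecdsa_signature(sig)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed samples: r = 0x11, s = 0x22 in canonical form, then variants
    # that carry the same (r, s) but with extraneous or padded bytes.
    samples = {
        "canonical":            "3006020111020122",
        "trailing byte":        "300602011102012200",
        "seq length widened":   "300702011102012200",
        "long-form seq length": "308106020111020122",
        "padded INTEGER r":     "300702020011020122",
    }
    for name, hexsig in samples.items():
        print(f"{name:22s} -> {'accept' if is_strict_der(bytes.fromhex(hexsig)) else 'reject'}")
```

Only the canonical sample is accepted; each variant decodes to the same (r, s) under a lenient parser but is rejected here, which is the property a verifier needs so that an attacker cannot produce alternative byte strings that verify under the same key.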