[ubuntu/trusty-security] openjdk-7 7u131-2.6.9-0ubuntu0.14.04.1 (Accepted)
sbeattie at ubuntu.com
Mon May 15 23:40:55 UTC 2017
openjdk-7 (7u131-2.6.9-0ubuntu0.14.04.1) trusty-security; urgency=medium
* IcedTea release 2.6.9 (based on 7u131):
* Security fixes
- S8167110, CVE-2017-3514: Windows peering issue.
- S8163528, CVE-2017-3511: Better library loading.
- S8169011, CVE-2017-3526: Resizing XML parse trees.
- S8163520, CVE-2017-3509: Reuse cache entries.
- S8171533, CVE-2017-3544: Better email transfer.
- S8170222, CVE-2017-3533: Better transfers of files.
- S8171121, CVE-2017-3539: Enhancing jar checking.
- S8172299: Improve class processing.
* debian/compat: updated from 5 to 9.
* debian/watch: using watch version 4 to download both icedtea and
icedtea-sound. LP: #1642420.
* debian/repack: simplified tarball download.
- removed 8u121 patches as they have been applied to 7u131.
- building icedtea-sound on build/ directory
- replaced 'dh_strip -k' calls by dh_prep
- have the 'build' rule depend on 'debian/control' rule to force
failure if debian/control gets regenerated.
- added file 'security/blacklisted.cert' to be copied to etc dir
(introduced by S8011402).
- simplified build dependencies.
- removed jtreg's xvfb-run call since icedtea takes care of calling it.
- removed window manager as there are no additional significant failures
on the jdk tests when not running one.
- re-enabled jdk jtreg tests.
- removed lpia arch.
- use fonts-wqy-microhei and fonts-wqy-zenhei instead of transitional
- drop Recommends on obsolete GNOME libraries so they are not in a
default GNOME desktop installation (Simon McVittie). Closes: #850270.
+ sun.net.spi.DefaultProxySelector prefers libglib2.0-0 (>= 2.24)
over obsolete libgconf2-4.
+ sun.nio.fs.GnomeFileTypeDetector prefers libglib2.0-0 (>= 2.24)
+ sun.xawt.awt_Desktop prefers libgtk2.0-0 (>= 2.14) over
* debian/control.in: added static build dependencies as their previous
selection logic in debian/rules is no longer required.
* debian/control: regenerated.
* debian/patches/icedtea-sound.diff: removed, now packing icedtea-sound
1.0.1 which includes those fixes.
* debian/upstream/signing-key.asc: add new signing key.
openjdk-7 (7u121-2.6.8-3) UNRELEASED; urgency=medium
* Remove obsolete changelog entries from previous release.
openjdk-7 (7u121-2.6.8-2) experimental; urgency=high
[ Tiago Stürmer Daitx ]
* Security fixes from 8u121:
- S8167104, CVE-2017-3289: Custom class constructor code can bypass the
required call to super.init allowing for uninitialized objects to be
- S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
dispose() on a CMenuComponentmultiple times.
- S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
extraneous bytes added to them whereas the signature is supposed to be
- S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt
sections to be 2^32-1 bytes long so these should not be uncompressed
unless the user explicitly requests it.
- S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
leak information about k.
- S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
deserialize responses from an LDAP server when an LDAP context is
- S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
users or external applications would interpret them leading to possible
- S8168705, CVE-2016-5547: A value from an InputStream is read directly
into the size argument of a new byte without validation.
- S8164147, CVE-2017-3261: An integer overflow exists in
SocketOutputStream which can lead to memorydisclosure.
- S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
dispatch HTTP GET requests where the invoker does not have permission.
- S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
long running sessions are allowed.
- S8165344, CVE-2017-3272: A protected field can be leveraged into type
- S8156802, CVE-2017-3241: RMI deserialization should limit the types
deserialized to prevent attacks that could escape the sandbox.
- S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
leak information about k.
Date: 2017-05-12 03:35:13.935487+00:00
Changed-By: Tiago Stürmer Daitx <tiago.daitx at canonical.com>
Maintainer: OpenJDK <openjdk at lists.launchpad.net>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes