sun-java versions
NoOp
glgxg at sbcglobal.net
Sat Jan 23 20:17:05 UTC 2010
Anyone have a clue as to why the sun-java versions always seem to be out
of wack? For example:
https://launchpad.net/ubuntu/+source/sun-java6
http://packages.ubuntu.com/search?keywords=sun-java6-bin
hardy-updates (libs): Sun Java(TM) Runtime Environment (JRE) 6
(architecture dependent files) [multiverse]
6-17-0ubuntu1.8.04: amd64 i386
jaunty-updates (libs): Sun Java(TM) Runtime Environment (JRE) 6
(architecture dependent files) [multiverse]
6-16-0ubuntu1.9.04: amd64 i386
karmic (libs): Sun Java(TM) Runtime Environment (JRE) 6 (architecture
dependent files) [multiverse]
6-15-1: amd64 i386
lucid (libs): Sun Java(TM) Runtime Environment (JRE) 6 (architecture
dependent files) [multiverse]
6-16-1: amd64 i386
Only hardy has anything close to the most recent version of sun-java6
(6-17 - 6-18 is now out & available from Sun).
Upstream Debian released 6-17 in November:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558173
[Update 17 fixes several security issues]
> Package: sun-java6
> Severity: grave
> Tags: security
>
> Update 17 fixes a lot of security issues:
>
> [58]CVE-2009-3728 Directory traversal vulnerability in the ICC_Profile.getInstance ...
> [59]CVE-2009-3729 Unspecified vulnerability in the TrueType font parsing functionality ...
> [60]CVE-2009-3865 The launch method in the Deployment Toolkit plugin in Java Runtime ...
> [61]CVE-2009-3866 The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...
> [62]CVE-2009-3867 Stack-based buffer overflow in the HsbParser.getSoundBank function in ...
> [63]CVE-2009-3868 Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...
> [64]CVE-2009-3869 Stack-based buffer overflow in the setDiffICM function in the Abstract ...
> [65]CVE-2009-3871 Heap-based buffer overflow in the setBytePixels function in the ...
> [66]CVE-2009-3872 Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...
> [67]CVE-2009-3873 The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...
> [68]CVE-2009-3874 Integer overflow in the JPEGImageReader implementation in the ImageI/O ...
> [69]CVE-2009-3875 The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...
> [70]CVE-2009-3876 Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...
> [71]CVE-2009-3879 Multiple unspecified vulnerabilities in the (1) X11 and (2) ...
> [72]CVE-2009-3880 The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...
> [73]CVE-2009-3881 Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...
> [74]CVE-2009-3882 Multiple unspecified vulnerabilities in the Swing implementation in ...
> [75]CVE-2009-3884 The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...
> [76]CVE-2009-3886 The Java Web Start implementation in Sun Java SE 6 before Update 17 ...
While I don't expect a 6.18
(http://java.sun.com/javase/6/webnotes/6u18.html) to be in the
multiverse repo's so soon, the mix of versions available between hardy
and lucid seems odd.
I reckon that I'll keep downloading & installing directly from
java.com. Anyone know if Sun has a repository that can be linked to for
updates rather than relying on multiverse?
More information about the ubuntu-users
mailing list