sun-java versions

NoOp glgxg at sbcglobal.net
Sat Jan 23 20:17:05 UTC 2010 

Anyone have a clue as to why the sun-java versions always seem to be out
of wack? For example:

https://launchpad.net/ubuntu/+source/sun-java6
http://packages.ubuntu.com/search?keywords=sun-java6-bin

hardy-updates (libs): Sun Java(TM) Runtime Environment (JRE) 6
(architecture dependent files) [multiverse]
6-17-0ubuntu1.8.04: amd64 i386

jaunty-updates (libs): Sun Java(TM) Runtime Environment (JRE) 6
(architecture dependent files) [multiverse]
6-16-0ubuntu1.9.04: amd64 i386

karmic (libs): Sun Java(TM) Runtime Environment (JRE) 6 (architecture
dependent files) [multiverse]
6-15-1: amd64 i386

lucid (libs): Sun Java(TM) Runtime Environment (JRE) 6 (architecture
dependent files) [multiverse]
6-16-1: amd64 i386

Only hardy has anything close to the most recent version of sun-java6
(6-17 - 6-18 is now out & available from Sun).
Upstream Debian released 6-17 in November:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558173
[Update 17 fixes several security issues]
> Package: sun-java6
> Severity: grave
> Tags: security
> 
> Update 17 fixes a lot of security issues:
> 
>    [58]CVE-2009-3728 Directory traversal vulnerability in the ICC_Profile.getInstance ...
>    [59]CVE-2009-3729 Unspecified vulnerability in the TrueType font parsing functionality ...
>    [60]CVE-2009-3865 The launch method in the Deployment Toolkit plugin in Java Runtime ...
>    [61]CVE-2009-3866 The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...
>    [62]CVE-2009-3867 Stack-based buffer overflow in the HsbParser.getSoundBank function in ...
>    [63]CVE-2009-3868 Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...
>    [64]CVE-2009-3869 Stack-based buffer overflow in the setDiffICM function in the Abstract ...
>    [65]CVE-2009-3871 Heap-based buffer overflow in the setBytePixels function in the ...
>    [66]CVE-2009-3872 Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...
>    [67]CVE-2009-3873 The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...
>    [68]CVE-2009-3874 Integer overflow in the JPEGImageReader implementation in the ImageI/O ...
>    [69]CVE-2009-3875 The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...
>    [70]CVE-2009-3876 Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...
>    [71]CVE-2009-3879 Multiple unspecified vulnerabilities in the (1) X11 and (2) ...
>    [72]CVE-2009-3880 The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...
>    [73]CVE-2009-3881 Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...
>    [74]CVE-2009-3882 Multiple unspecified vulnerabilities in the Swing implementation in ...
>    [75]CVE-2009-3884 The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...
>    [76]CVE-2009-3886 The Java Web Start implementation in Sun Java SE 6 before Update 17 ...

While I don't expect a 6.18
(http://java.sun.com/javase/6/webnotes/6u18.html) to be in the
multiverse repo's so soon, the mix of versions available between hardy
and lucid seems odd.

  I reckon that I'll keep downloading & installing directly from
java.com. Anyone know if Sun has a repository that can be linked to for
updates rather than relying on multiverse?

More information about the ubuntu-users mailing list