Change log for sun-java6 package in Debian
| 1 → 31 of 31 results | First • Previous • Next • Last |
| Published in lenny-release |
sun-java6 (6-26-0lenny1) oldstable; urgency=high
[ Sylvestre Ledru ]
* New upstream release (Closes: #629852)
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2011-0862): integer overflows in JPEGImageReader and font
SunLayoutEngine (2D, 7013519)
- (CVE-2011-0873): unspecified vulnerability fixed in 6u26 (2D)
- (CVE-2011-0815): FileDialog.show() buffer overflow (AWT, 7012520)
- (CVE-2011-0817): unspecified vulnerabilities fixed in 6u26 (Deployment,
JRE)
- (CVE-2011-0863): unspecified vulnerability fixed in 6u26 (Deployment)
- (CVE-2011-0864): JVM memory corruption via certain bytecode (HotSpot,
7020373)
- (CVE-2011-0802): unspecified vulnerabilities fixed in 6u26 (Sound)
- (CVE-2011-0814): unspecified vulnerabilities fixed in 6u26 (Sound)
- (CVE-2011-0871): MediaTracker created Component instances with
unnecessary privileges (Swing, 7020198)
- (CVE-2011-0786): unspecified vulnerabilities fixed in 6u26 (Deployment,
JRE)
- (CVE-2011-0788): unspecified vulnerabilities fixed in 6u26 (Deployment,
JRE)
- (CVE-2011-0866): unspecified vulnerabilities fixed in 6u26 (Deployment,
JRE)
- (CVE-2011-0868): incorrect numeric type conversion in TransformHelper
(2D, 7016495)
- (CVE-2011-0872): non-blocking sockets incorrectly selected for reading
(NIO, 6213702)
- (CVE-2011-0867): NetworkInterface information leak (Networking, 7013969)
- (CVE-2011-0869): unprivileged proxy settings change via SOAPConnection
(SAAJ, 7013971)
- (CVE-2011-0865): Deserialization allows creation of mutable SignedObject
(Deserialization, 6618658)
[ Torsten Werner ]
* Upload to oldstable.
-- Torsten Werner <email address hidden> Thu, 09 Jun 2011 23:15:49 +0200
sun-java6 (6.26-3) unstable; urgency=low
* "ia32-sun-java6-bin has improperly equal alternatives priority on amd64"
fixed. Thanks to Todd Vierling for providing the patch (LP: #643658)
-- Sylvestre Ledru <email address hidden> Fri, 22 Jul 2011 23:22:17 +0200
| Published in squeeze-release |
sun-java6 (6.26-0squeeze1) stable; urgency=high [ Sylvestre Ledru ] * New upstream release (Closes: #629852) * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2011-0862): integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519) - (CVE-2011-0873): unspecified vulnerability fixed in 6u26 (2D) - (CVE-2011-0815): FileDialog.show() buffer overflow (AWT, 7012520) - (CVE-2011-0817): unspecified vulnerabilities fixed in 6u26 (Deployment, JRE) - (CVE-2011-0863): unspecified vulnerability fixed in 6u26 (Deployment) - (CVE-2011-0864): JVM memory corruption via certain bytecode (HotSpot, 7020373) - (CVE-2011-0802): unspecified vulnerabilities fixed in 6u26 (Sound) - (CVE-2011-0814): unspecified vulnerabilities fixed in 6u26 (Sound) - (CVE-2011-0871): MediaTracker created Component instances with unnecessary privileges (Swing, 7020198) - (CVE-2011-0786): unspecified vulnerabilities fixed in 6u26 (Deployment, JRE) - (CVE-2011-0788): unspecified vulnerabilities fixed in 6u26 (Deployment, JRE) - (CVE-2011-0866): unspecified vulnerabilities fixed in 6u26 (Deployment, JRE) - (CVE-2011-0868): incorrect numeric type conversion in TransformHelper (2D, 7016495) - (CVE-2011-0872): non-blocking sockets incorrectly selected for reading (NIO, 6213702) - (CVE-2011-0867): NetworkInterface information leak (Networking, 7013969) - (CVE-2011-0869): unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971) - (CVE-2011-0865): Deserialization allows creation of mutable SignedObject (Deserialization, 6618658) [ Torsten Werner ] * Upload to stable. -- Torsten Werner <email address hidden> Thu, 09 Jun 2011 16:56:39 +0200
sun-java6 (6.26-1) unstable; urgency=high * New upstream release (Closes: #629852) * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2011-0862): integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519) - (CVE-2011-0873): unspecified vulnerability fixed in 6u26 (2D) - (CVE-2011-0815): FileDialog.show() buffer overflow (AWT, 7012520) - (CVE-2011-0817): unspecified vulnerabilities fixed in 6u26 (Deployment, JRE) - (CVE-2011-0863): unspecified vulnerability fixed in 6u26 (Deployment) - (CVE-2011-0864): JVM memory corruption via certain bytecode (HotSpot, 7020373) - (CVE-2011-0802): unspecified vulnerabilities fixed in 6u26 (Sound) - (CVE-2011-0814): unspecified vulnerabilities fixed in 6u26 (Sound) - (CVE-2011-0871): MediaTracker created Component instances with unnecessary privileges (Swing, 7020198) - (CVE-2011-0786): unspecified vulnerabilities fixed in 6u26 (Deployment, JRE) - (CVE-2011-0788): unspecified vulnerabilities fixed in 6u26 (Deployment, JRE) - (CVE-2011-0866): unspecified vulnerabilities fixed in 6u26 (Deployment, JRE) - (CVE-2011-0868): incorrect numeric type conversion in TransformHelper (2D, 7016495) - (CVE-2011-0872): non-blocking sockets incorrectly selected for reading (NIO, 6213702) - (CVE-2011-0867): NetworkInterface information leak (Networking, 7013969) - (CVE-2011-0869): unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971) - (CVE-2011-0865): Deserialization allows creation of mutable SignedObject (Deserialization, 6618658) -- Sylvestre Ledru <email address hidden> Thu, 09 Jun 2011 10:20:23 +0200
sun-java6 (6.25-3) unstable; urgency=low * For now, revert changes of upload 6.25-2 due to license reasons. In touch with upstream about this issue. -- Sylvestre Ledru <email address hidden> Thu, 19 May 2011 16:50:11 +0200
sun-java6 (6.25-2) unstable; urgency=low * sun-java6-fonts can be installed without installing the jre (Closes: #625617) -- Sylvestre Ledru <email address hidden> Sat, 07 May 2011 23:06:10 +0200
sun-java6 (6.25-1) unstable; urgency=low * New upstream release * Standards-Version updated to version 3.9.2 * Suggests default-jdk-doc instead of openjdk-6-doc * Update of the lintian overrides about embedded-library -- Sylvestre Ledru <email address hidden> Tue, 03 May 2011 15:54:53 +0200
sun-java6 (6.24-2) unstable; urgency=low * Remove Build-Depends: libxp6. (Closes: #623657) -- Torsten Werner <email address hidden> Fri, 22 Apr 2011 20:10:15 +0200
| Superseded in squeeze-release |
sun-java6 (6.24-1~squeeze1) stable; urgency=low * Upload to stable. (Closes: #613723) -- Torsten Werner <email address hidden> Sun, 27 Feb 2011 19:38:43 +0100
sun-java6 (6.24-1) unstable; urgency=high * New upstream release * Watch file added * Homepage updated to http://jdk-distros.java.net/ * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2010-4476): Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number. - (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability - (CVE-2010-4454): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability - (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution Vulnerability - (CVE-2010-4465): Swing timer-based security manager bypass - (CVE-2010-4467): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4469): Hotspot backward jsr heap corruption - (CVE-2010-4473): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4422): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4451): Vulnerability allows successful unauthenticated network attacks via HTTP. - (CVE-2010-4466): Runtime NTLM Authentication Information Leakage Vulnerability - (CVE-2010-4470): JAXP untrusted component state manipulation - (CVE-2010-4471): Java2D font-related system property leak - (CVE-2010-4447): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4475): vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4468): DNS cache poisoning by untrusted applets - (CVE-2010-4450): Launcher incorrect processing of empty library path entries - (CVE-2010-4448): DNS cache poisoning by untrusted applets - (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N implementation - (CVE-2010-4474): Easily exploitable vulnerability requiring logon to Operating System. -- Sylvestre Ledru <email address hidden> Wed, 16 Feb 2011 00:46:20 +0100
sun-java6 (6.23-1) unstable; urgency=low * New upstream release * Add 'google-chrome' as Depends of sun-java6-plugin (Closes: #607455) * Standards-Version updated to version 3.9.1 -- Sylvestre Ledru <email address hidden> Wed, 09 Feb 2011 01:23:20 +0100
| Superseded in lenny-release |
sun-java6 (6-22-0lenny1) stable; urgency=low * New upstream release (Closes: #601802) * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2010-3556): JDK unspecified vulnerability in 2D component - (CVE-2010-3562): JDK IndexColorModel double-free - (CVE-2010-3565): JDK JPEG writeImage remote code execution - (CVE-2010-3566): JDK ICC Profile remote code execution - (CVE-2010-3567): Crash in ICU Opentype layout engine due to mismatch in character counts - (CVE-2010-3571): JDK unspecified vulnerability in 2D component - (CVE-2010-3554): JDK corba reflection vulnerabilities - (CVE-2010-3563): JDK unspecified vulnerability in Deployment component - (CVE-2010-3568): JDK Deserialization Race condition - (CVE-2010-3569): JDK Serialization inconsistencies - (CVE-2010-3558): JDK unspecified vulnerability in Java Web Start component - (CVE-2010-3552): JDK unspecified vulnerability in New Java Plugin component - (CVE-2010-3559): JDK unspecified vulnerability in Sound component - (CVE-2010-3572): JDK unspecified vulnerability in Sound component - (CVE-2010-3553): UIDefault.ProxyLazyValue has unsafe reflection usage - (CVE-2010-3555): JDK unspecified vulnerability in Deployment component - (CVE-2010-3550): JDK unspecified vulnerability in Java Web Start component - (CVE-2010-3570): JDK unspecified vulnerability in Deployment Toolkit - (CVE-2010-3561): Privileged ServerSocket.accept allows receiving connections from any host - (CVE-2009-3555): TLS: MITM attacks via session renegotiation - (CVE-2010-1321): krb5: null pointer dereference in GSS-API library leads to DoS - (CVE-2010-3549): HttpURLConnection chunked encoding issue (Http request splitting) - (CVE-2010-3557): JDK Swing mutable static - (CVE-2010-3541): limit setting of some request headers in HttpURLConnection - (CVE-2010-3573): limit HTTP request cookie headers in HttpURLConnection - (CVE-2010-3574): limit use of TRACE method in HttpURLConnection - (CVE-2010-3548): JDK DNS server IP address information leak - (CVE-2010-3551): NetworkInterface reveals local network address to untrusted code - (CVE-2010-3560): JDK unspecified vulnerability in Networking component -- Torsten Werner <email address hidden> Sat, 06 Nov 2010 10:56:16 +0100
sun-java6 (6.22-1) unstable; urgency=high
[ Torsten Werner ]
* Add file /etc/java-6-sun/swing.properties. (Closes: #480570)
* Install the desktop file for jvisualvm and remove the one for jconsole.
(Closes: #539288)
[ Sylvestre Ledru ]
* New upstream release (Closes: #600259)
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-3556): JDK unspecified vulnerability in 2D component
- (CVE-2010-3562): JDK IndexColorModel double-free
- (CVE-2010-3565): JDK JPEG writeImage remote code execution
- (CVE-2010-3566): JDK ICC Profile remote code execution
- (CVE-2010-3567): Crash in ICU Opentype layout engine due to mismatch in
character counts
- (CVE-2010-3571): JDK unspecified vulnerability in 2D component
- (CVE-2010-3554): JDK corba reflection vulnerabilities
- (CVE-2010-3563): JDK unspecified vulnerability in Deployment component
- (CVE-2010-3568): JDK Deserialization Race condition
- (CVE-2010-3569): JDK Serialization inconsistencies
- (CVE-2010-3558): JDK unspecified vulnerability in Java Web Start component
- (CVE-2010-3552): JDK unspecified vulnerability in New Java Plugin
component
- (CVE-2010-3559): JDK unspecified vulnerability in Sound component
- (CVE-2010-3572): JDK unspecified vulnerability in Sound component
- (CVE-2010-3553): UIDefault.ProxyLazyValue has unsafe reflection usage
- (CVE-2010-3555): JDK unspecified vulnerability in Deployment component
- (CVE-2010-3550): JDK unspecified vulnerability in Java Web Start component
- (CVE-2010-3570): JDK unspecified vulnerability in Deployment Toolkit
- (CVE-2010-3561): Privileged ServerSocket.accept allows receiving
connections from any host
- (CVE-2009-3555): TLS: MITM attacks via session renegotiation
- (CVE-2010-1321): krb5: null pointer dereference in GSS-API library leads
to DoS
- (CVE-2010-3549): HttpURLConnection chunked encoding issue (Http request
splitting)
- (CVE-2010-3557): JDK Swing mutable static
- (CVE-2010-3541): limit setting of some request headers in
HttpURLConnection
- (CVE-2010-3573): limit HTTP request cookie headers in HttpURLConnection
- (CVE-2010-3574): limit use of TRACE method in HttpURLConnection
- (CVE-2010-3548): JDK DNS server IP address information leak
- (CVE-2010-3551): NetworkInterface reveals local network address to
untrusted code
- (CVE-2010-3560): JDK unspecified vulnerability in Networking component
* Update of the italian po. Thanks to Vincenzo Campanella (Closes: #597313)
-- Sylvestre Ledru <email address hidden> Fri, 15 Oct 2010 10:05:39 +0200
sun-java6 (6.21-1) unstable; urgency=low
* New upstream release
- There are no security fixes in this release.
* Update $(bin_pattern) and $(diff_ignore) in debian/rules.
* Add a lintian override for embedded-libjpeg.
* Update danish debconf translation; thanks to Joe Dalton. (Closes: #586238)
* Update japanese debconf translation; thanks to Hideki Yamane.
(Closes: #580157)
* Add midori as an alternative to $(browsers) in debian/rules.
(Closes: #588663)
-- Torsten Werner <email address hidden> Wed, 28 Jul 2010 14:47:10 +0200
| Superseded in lenny-release |
sun-java6 (6-20-0lenny1) stable; urgency=low * New upstream release to fix open security issues. -- Torsten Werner <email address hidden> Sat, 24 Apr 2010 00:12:50 +0200
sun-java6 (6.20-dlj-4) unstable; urgency=low
* Remove wrong space character for uming.ttc path in fontconfig.properties.
Thanks to Alberto Alvarez García.
-- Torsten Werner <email address hidden> Sat, 08 May 2010 11:30:59 +0200
| Superseded in sid-release |
sun-java6 (6.20-dlj-3) unstable; urgency=low
* Change Vcs-Svn header to allow anonymous access. (Closes: #478673)
* Add Recommends: ia32-libs-gtk to package ia32-sun-java6-bin.
(Closes: #532359)
* Add a some information to README.Debian that explains how to enable the
plugin in Iceweasel. (Closes: #541154)
* Add myself to Uploaders.
* Add missing changelog entry for CVE-2010-0087 to version 6.19-0ubuntu1.
* Add missing changelog entry for CVE-2010-1423 to version 6.20-1.
-- Torsten Werner <email address hidden> Sun, 02 May 2010 12:07:16 +0200
sun-java6 (6.20-dlj-1) unstable; urgency=low
* Team upload.
* Create orig tarball from files at
<https://jdk-distros.dev.java.net/developer.html>. (Closes: #578402)
* Upload for Architecture: amd64. (Closes: #578361, #576481)
* Re-enable the license check in d/rules. (Closes: #578378)
-- Torsten Werner <email address hidden> Mon, 19 Apr 2010 22:13:23 +0200
sun-java6 (6.19-1) unstable; urgency=low * Sync from Ubuntu. Thanks to Matthias Klose. * Vietnamese (vi) debconf templates translation updated (Closes: #576135) -- Sylvestre Ledru <email address hidden> Tue, 06 Apr 2010 11:54:35 +0200
sun-java6 (6.18-4) unstable; urgency=low
* Package sun-java6-plugin now register plugins for various browser
(Closes: #534174)
-- Sylvestre Ledru <email address hidden> Wed, 24 Mar 2010 11:50:06 +0100
sun-java6 (6.18-3) unstable; urgency=low * Update of the docs filenames (Closes: #523390) * Swedish debconf templates translation updated (Closes: #570023) * Chinese (zh_CN) debconf templates translation updated * Czech debconf templates translation updated (Closes: #570062) * French debconf templates translation updated (Closes: #570060) * Slovak debconf templates translation updated (Closes: #570061) * Russian debconf templates translation updated (Closes: #570541) * German debconf templates translation updated (Closes: #570741) * Portuguese debconf templates translation updated (Closes: #571042) -- Sylvestre Ledru <email address hidden> Fri, 05 Mar 2010 14:55:36 +0100
sun-java6 (6.18-2) unstable; urgency=low
* Package moved under the Debian Java team
* Add myself as uploader (Closes: #544629)
* Update of the Vcs-Svn & Vcs-Browser fields
* Cleanup the version numbers (- in the version was messing up)
(Closes: #445343)
* Update of the license URL from http://java.sun.com/notes (404)
to http://download.java.net/dlj/jdk6/LICENSE (Closes: 569352)
* French debconf templates translation updated (Closes: #569282)
* Czech debconf templates translation updated (Closes: #569294)
* Japanese debconf templates translation updated (Closes: #569312)
* Italien debconf templates translation updated
* Slovak debconf templates translation updated (Closes: #569489)
* Fix Incorrect Menu Entry for Java Web Start
Reuse javaws.wrapper from openjdk (Closes: #489833)
* Konqueror also available as a browser (Closes: #514983)
-- Sylvestre Ledru <email address hidden> Thu, 11 Feb 2010 09:27:04 +0100
sun-java6 (6-18-1) unstable; urgency=low
* QA upload.
* Non-maintainer upload.
* New upstream version.
Release notes at http://java.sun.com/javase/6/webnotes/6u18.html
* Rephrase on the license approval (Closes: #541881)
* Update messages to show the actual $TMP instead of /tmp
(Closes: #539556; #506890)
* Standards-Version updated to version 3.8.4
* Replace jconsole => jvisualvm in the menu (Closes: #539288)
* fontconfig.properties uses uming.ttc instead of uming.ttc (Closes: #566088)
* Integration of the Galician translation. Thanks marce. (Closes: #537543)
* Integration of the Slovak translation. Thanks Ivan Masár (Closes: #535184)
* Integration of the Simplified Chinese translation. Thanks Ji ZhengYu
(Closes: #535184)
* dh_desktop removed from debian/rules
* not-binnmuable-all-depends-any fixed
-- Sylvestre Ledru <email address hidden> Mon, 08 Feb 2010 15:01:36 +0100
sun-java6 (6-17-1) unstable; urgency=low
* QA upload.
* New upstream version. (Closes: #558173)
Release notes at http://java.sun.com/javase/6/webnotes/6u17.html
-- Giuseppe Iuculano <email address hidden> Sat, 28 Nov 2009 19:02:56 +0100
sun-java6 (6-16-1) unstable; urgency=low
* QA upload.
* Remove `Uploaders' attribute.
* New upstream version.
Release notes at http://java.sun.com/javase/6/webnotes/6u16.html
* Fix some more lintian warnings.
* Stop building sun-java6-doc, it's an installer package anyway.
Suggest openjdk-6-doc instead.
* Mention compatibility problems with some window managers and running with
AWT_TOOLKIT=MToolkit in README.Debian. See #504524.
-- Matthias Klose <email address hidden> Fri, 28 Aug 2009 10:24:29 +0200
sun-java6 (6-15-1) unstable; urgency=medium
* New upstream version.
Release notes at http://java.sun.com/javase/6/webnotes/6u15.html
Addresses CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625,
CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674,
CVE-2009-2675, CVE-2009-2676, CVE-2009-2690.
* Set section names to java.
* Orphan the package.
-- Matthias Klose <email address hidden> Fri, 07 Aug 2009 13:05:35 +0200
sun-java6 (6-14-1) unstable; urgency=low
* New upstream version.
Release notes at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html.
* Add xulrunner-1.9 as a browser alternative. Closes: #526227.
-- Matthias Klose <email address hidden> Tue, 02 Jun 2009 18:49:25 +0200
sun-java6 (6-13-1) unstable; urgency=low * New upstream version. Closes: #521414. LP: #349135. Release notes at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html. Fixes CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107. * Fix name of the downloaded doc zip. -- Matthias Klose <email address hidden> Sun, 29 Mar 2009 19:12:49 +0200
| Superseded in sid-release |
| Superseded in squeeze-release |
| Superseded in squeeze-release |
| Superseded in lenny-release |
| Superseded in sid-release |
sun-java6 (6-12-1) unstable; urgency=medium * Upload to unstable. -- Matthias Klose <email address hidden> Fri, 06 Feb 2009 15:39:56 +0100
sun-java6 (6-10-2) unstable; urgency=low * Fix build failure on amd64. -- Matthias Klose <email address hidden> Fri, 17 Oct 2008 07:15:15 +0200
sun-java6 (6-07-4) unstable; urgency=low
* Ignore errors when registering the jar binfmt. The alternative may
already be registered by another JVM (openjdk-6, cacao-oj6).
* Ignore errors when generating the java shared archive. Closes: #493085.
LP: #247296.
-- Matthias Klose <email address hidden> Tue, 05 Aug 2008 17:54:06 +0200
| 1 → 31 of 31 results | First • Previous • Next • Last |
