Change logs for openjdk-6 source package in Maverick

  • openjdk-6 (6b20-1.9.13-0ubuntu1~10.10.1) maverick-security; urgency=low
    
      * SECURITY UPDATE: update to IcedTea 6 1.9.13
        - Security fixes:
          - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
          - S7088367, CVE-2011-3563: Fix issues in java sound
          - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager
            method
          - S7110687, CVE-2012-0503: Issues with TimeZone class
          - S7110700, CVE-2012-0505: Enhance exception throwing mechanism
            in ObjectStreamClass
          - S7110704, CVE-2012-0506: Issues with some method in corba
          - S7112642, CVE-2012-0497: Incorrect checking for graphics
            rendering object
          - S7118283, CVE-2012-0501: Better input parameter checking in
            zip file processing
          - S7126960, CVE-2011-5035: (httpserver) Add property to limit
            number of request headers to the HTTP Server
        - Bug fixes:
          - S7102369, RH751203: remove java.rmi.server.codebase property
            parsing from registryimpl
          - S7094468, RH751203: rmiregistry clean up
          - S6851973, PR830: ignore incoming channel binding if acceptor
            does not set one
      * drop debian/patches/openjdk-7103725-ssl_beast_regression.patch as
        it's included in the upstream release.
     -- Steve Beattie <email address hidden>   Wed, 15 Feb 2012 14:30:55 -0800
  • openjdk-6 (6b20-1.9.10-0ubuntu1~10.10.3) maverick-security; urgency=low
    
      * debian/patches/openjdk-7103725-ssl_beast_regression.patch:
        Add regression fix for broken ssl connectivity when using
        TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761)
     -- Steve Beattie <email address hidden>   Fri, 20 Jan 2012 09:59:35 -0800
  • openjdk-6 (6b20-1.9.10-0ubuntu1~10.10.2) maverick-security; urgency=low
    
      * SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw
        - debian/patches/SOP-bypass-icedtea6-1.9.patch: Remove special
          case for SocketPermission.
        - CVE-2011-3377
        - Applied inline due to needing to apply patches only once for netx,
          not for every vm
    
    openjdk-6 (6b20-1.9.10-0ubuntu1~10.10.1) maverick-security; urgency=low
    
      * SECURITY UPDATE: IcedTea6 1.9.10 Release:
        - Security fixes:
          - S7000600, CVE-2011-3547: InputStream skip() information leak.
          - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
          - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
          - S7032417, CVE-2011-3552: excessive default UDP socket limit under
            SecurityManager.
          - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
          - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
            engine.
          - S7055902, CVE-2011-3521: IIOP deserialization code execution.
          - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
            error checks.
          - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
            against SSL/TLS (BEAST).
          - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
            PorterStemmer.
          - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
          - S7083012, CVE-2011-3557: RMI registry privileged code execution.
          - S7096936, CVE-2011-3560: missing checkSetFactory calls in
            HttpsURLConnection.
     -- Steve Beattie <email address hidden>   Tue, 08 Nov 2011 12:24:08 -0800
  • openjdk-6 (6b20-1.9.9-0ubuntu1~10.10.2) maverick-security; urgency=low
    
      * SECURITY UPDATE: information disclosure
        - IcedTea 1.9.9 release:
          + debian/patches/cache-directory-exposed-it6-1.9.patch: don't
            allow unsigned web start applications/applets to determine the
            location of the netx cache directory
          + CVE-2011-2513
      * drop debian/patches/hotspot-fix_added_define.patch: applied upstream
     -- Steve Beattie <email address hidden>   Thu, 21 Jul 2011 08:54:38 -0700
  • openjdk-6 (6b20-1.9.8-0ubuntu1~10.10.1) maverick-security; urgency=low
    
      * SECURITY UPDATE: IcedTea6 1.9.8 Release:
        - S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP
          urgent disabled get still selected for read ops (win)
        - S6618658, CVE-2011-0865: Vulnerability in deserialization
        - S7012520, CVE-2011-0815: Heap overflow vulnerability in
          FileDialog.show()
        - S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in
          2D code
        - S7013969, CVE-2011-0867: NetworkInterface.toString can reveal
          bindings
        - S7013971, CVE-2011-0869: Vulnerability in SAAJ
        - S7016340, CVE-2011-0870: Vulnerability in SAAJ
        - S7016495, CVE-2011-0868: Crash in Java 2D transforming an image
          with scale close to zero
        - S7020198, CVE-2011-0871: ImageIcon creates Component with
          null acc
        - S7020373, CVE-2011-0864: JSR rewriting can overflow memory
          address size variables
      * debian/generate_debian_orig.sh: adjust settings to match the
        generation of this update.
      * Makefile.{am,in}: don't apply patches/jtreg-LastErrorString.patch as
        it causes the testsuite runner to fail.
     -- Steve Beattie <email address hidden>   Tue, 14 Jun 2011 11:13:28 -0700
  • openjdk-6 (6b20-1.9.7-0ubuntu1) maverick-security; urgency=low
    
      * IcedTea6 1.9.7 release.
        - SECURITY UPDATE:
          + S4421494, CVE-2010-4476: infinite loop while parsing double literal.
          + S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
          + S6907662, CVE-2010-4465: Swing timer-based security manager bypass
          + S6994263, CVE-2010-4472: Untrusted code allowed to replace
            DSIG/C14N implementation
          + S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
          + S6983554, CVE-2010-4450: Launcher incorrect processing of
            empty library path entries
          + S6985453, CVE-2010-4471: Java2D font-related system property leak
          + S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
          + RH677332, CVE-2011-0706: Multiple signers privilege escalation
        - Bug fixes
          + RH676659: Pass -export-dynamic flag to linker using -Wl,
            as option in gcc 4.6+ is broken
          + G344659: Fix issue when building on SPARC
          + Fix latent JAXP bug caused by missing import
      * dropped patch due to different fix applied upstream:
        - debian/patches/hotspot-sparc-fix.diff
      * debian/patches/hotspot-fix_added_define.patch: added to fix
        redefinition added by patch for S6878713
      * Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap
        zerovm instead to compensate for
        http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631
     -- Steve Beattie <email address hidden>   Tue, 22 Feb 2011 23:31:47 -0800
  • openjdk-6 (6b20-1.9.5-0ubuntu1) maverick-security; urgency=low
    
      * IcedTea6 1.9.5 release.
        - CVE-2011-0025: IcedTea jarfile signature verification bypass.
     -- Matthias Klose <email address hidden>   Thu, 27 Jan 2011 10:13:13 +0100
  • openjdk-6 (6b20-1.9.4-0ubuntu1) maverick-security; urgency=low
    
      * IcedTea6 1.9.4 release.
        - CVE-2010-4351: IcedTea JNLP SecurityManager bypass.
     -- Matthias Klose <email address hidden>   Thu, 06 Jan 2011 23:39:28 +0100
  • openjdk-6 (6b20-1.9.2-0ubuntu2) maverick-security; urgency=low
    
      * Revert two backports. LP: #688522:
        - S6638712: Inference with wildcard types causes selection of
          inapplicable method.
        - S6650759: Inference of formal type parameter (unused in formal
          parameters) is not performed.
     -- Matthias Klose <email address hidden>   Fri, 10 Dec 2010 19:34:46 +0100
  • openjdk-6 (6b20-1.9.2-0ubuntu1) maverick-security; urgency=low
    
      * IcedTea6 1.9.2 release.
        - CVE-2010-3860: Fix IcedTea System property information leak via
          public static.
      * Build using Hotspot hs19.
      * Start metacity using dbus-launch, when running the testsuite. LP: #632594.
     -- Matthias Klose <email address hidden>   Sun, 21 Nov 2010 18:30:39 +0100
  • openjdk-6 (6b20-1.9.1-1ubuntu3) maverick-security; urgency=low
    
      * Move all Japanese man pages belonging to the jre into the -jre package.
        Closes: #600765.
      * Add -jdk replaces for -jre and -jre-headless. Closes: #600809.
    
    openjdk-6 (6b20-1.9.1-1ubuntu1) maverick-security; urgency=low
    
      * Fix upgrade to symlinked timezone data. Closes: #600359.
    
    openjdk-6 (6b20-1.9.1-1) experimental; urgency=low
    
      * Upload to experimental.
    
    openjdk-6 (6b20-1.9.1-0ubuntu1) maverick-security; urgency=low
    
      * IcedTea6 1.9.1 release.
        - Security updates:
          - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation.
          - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition.
          - S6891766, CVE-2010-3554: OpenJDK corba reflection vulnerabilities.
          - S6925710, CVE-2010-3562: OpenJDK IndexColorModel double-free.
          - S6938813, CVE-2010-3557: OpenJDK Swing mutable static.
          - S6957564, CVE-2010-3548: OpenJDK DNS server IP address information
            leak.
          - S6958060, CVE-2010-3564: OpenJDK kerberos vulnerability.
          - S6963023, CVE-2010-3565: OpenJDK JPEG writeImage remote code execution.
          - S6963489, CVE-2010-3566: OpenJDK ICC Profile remote code execution.
          - S6966692, CVE-2010-3569: OpenJDK Serialization inconsistencies.
          - S6622002, CVE-2010-3553: UIDefault.ProxyLazyValue has unsafe
            reflection usage.
          - S6623943: javax.swing.TimerQueue's thread occasionally fails to start.
          - S6925672, CVE-2010-3561: Privileged ServerSocket.accept allows
            receiving connections from any host.
          - S6952017, CVE-2010-3549: HttpURLConnection chunked encoding issue
            (Http request splitting).
          - S6952603, CVE-2010-3551: NetworkInterface reveals local network
            address to untrusted code.
          - S6961084, CVE-2010-3541: limit setting of some request headers in
            HttpURLConnection.
          - S6963285, CVE-2010-3567: Crash in ICU Opentype layout engine due to
            mismatch in character counts.
          - S6980004, CVE-2010-3573: limit HTTP request cookie headers in
            HttpURLConnection.
          - S6981426, CVE-2010-3574: limit use of TRACE method in
            HttpURLConnection.
        - Plugin fixes.
        - Backports from newer IcedTea releases.
    
    openjdk-6 (6b20-1.9-1) experimental; urgency=low
    
      * Upload to experimental.
     -- Matthias Klose <email address hidden>   Wed, 20 Oct 2010 12:51:34 +0200
  • openjdk-6 (6b20-1.9-0ubuntu1) maverick; urgency=low
    
      * IcedTea6 1.9 release.
     -- Matthias Klose <email address hidden>   Tue, 07 Sep 2010 18:13:20 +0200
  • openjdk-6 (6b20~pre2-0ubuntu2) maverick; urgency=low
    
      * Update from the IcedTea6 trunk.
      * Really let the build fail on armel.
     -- Matthias Klose <email address hidden>   Fri, 30 Jul 2010 16:55:38 +0200
  • openjdk-6 (6b20~pre2-0ubuntu1) maverick; urgency=high
    
      * Update from the IcedTea6 trunk.
        - (CVE-2010-2783): IcedTea 'Extended JNLP Services' arbitrary file access.
        - (CVE-2010-2548): IcedTea incomplete property access check for unsigned
          applications
      * openjdk-6-jre: Recommend ttf-dejavu-extra. LP: #569396.
      * Explicitly fail the build on armel. The ARM assembler interpreter is
        disabled and would be a 3-5x performance regression compared to the current
        6b18 armel binaries in the archive.
     -- Matthias Klose <email address hidden>   Thu, 29 Jul 2010 00:10:53 +0200
  • openjdk-6 (6b20~pre1-1ubuntu1) maverick; urgency=low
    
      * Include docs in the -doc package. LP: #600834.
      * Update from the IcedTea6 trunk.
        - Plugin and netx fixes.
        - Don't link the plugin against the libxul libraries. Closes: #576361.
        - More plugin cpu usage fixes. Closes: #584335, #587049.
        - Plugin: fixes AppletContext.getApplets().
      * Fix Vcs-Bzr location. Closes: #530883.
      * Search for unversioned llvm-config tool.
      * Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641.
      * Fix Chinese font metrics and prefer using 'WenQuanYi Micro Hei' font.
        LP: #472845.
      * Strip libjvm.so with --strip-debug instead of --strip-unneeded.
        LP: #574997.
     -- Matthias Klose <email address hidden>   Thu, 15 Jul 2010 12:40:10 +0200
  • openjdk-6 (6b20~pre1-0ubuntu3) maverick; urgency=low
    
      * debian/rules: disable shark on armel in maverick to fix FTBFS,
        thanks to Marcin Juszkiewicz for working out the fix (LP: #600278)
     -- Oliver Grawert <email address hidden>   Mon, 05 Jul 2010 10:32:40 +0200
  • openjdk-6 (6b20~pre1-0ubuntu2) maverick; urgency=low
    
      * Shark & CACAO build fixes.
     -- Matthias Klose <email address hidden>   Fri, 25 Jun 2010 02:27:10 +0200
  • openjdk-6 (6b20~pre1-0ubuntu1) maverick; urgency=low
    
      * Update to 6b20 code drop.
     -- Matthias Klose <email address hidden>   Wed, 14 Apr 2010 02:53:37 +0200
  • openjdk-6 (6b18-1.8-2ubuntu3) maverick; urgency=low
    
      * Update from the 1.8 branch.
        - Plugin fixes.
     -- Matthias Klose <email address hidden>   Wed, 23 Jun 2010 14:08:31 +0200
  • openjdk-6 (6b18-1.8-2ubuntu2) maverick; urgency=low
    
      * Search for unversioned llvm-config tool.
     -- Matthias Klose <email address hidden>   Sun, 02 May 2010 12:03:01 +0200
  • openjdk-6 (6b18-1.8-2ubuntu1) maverick; urgency=low
    
      * Upload to maverick.
    
    openjdk-6 (6b18-1.8-2) unstable; urgency=low
    
      * Update from the 1.8 branch.
        - Fix build on Hitachi SH. Closes: #575346.
        - Shark and Zero fixes.
      * Build shark using llvm-2.7.
      * Don't use shark to run the test harness when testing the shark build.
      * README.Debian: Add paragraph about debugging the IcedTea NPPlugin.
    
    openjdk-6 (6b18-1.8-1) unstable; urgency=low
    
      * Upload to unstable.
     -- Matthias Klose <email address hidden>   Sun, 02 May 2010 11:23:16 +0200
  • openjdk-6 (6b18-1.8-0ubuntu1) lucid; urgency=low
    
      * Update IcedTea6 to the icedtea6-1.8 release.
      * Fix builds on Ubuntu/dapper and Debian/lenny.
      * On hppa, configure --without-rhino --disable-plugin.
      * Fix Hitachi SH configury. Closes: #575346.
      * Start a window manager when running the tests. Prefer metacity,
        as more tests pass with it.
      * Let XToolkit.isTraySupported() return true, if Compiz is running.
        Works around sun#6438179. LP: #300948.
      * Make <java_home>/jre/lib/security/nss.cfg a config file.
      * Fail in the configuration of the packages, if /proc is not mounted.
        java currently uses tricks to find its own shared libraries depending
        on the path of the binary. Will be changed in OpenJDK7. Closes: #576453.
      * Fix PR icedtea/469, testsuite failures with the NSS based security
        provider. LP: #556549.
      * Do not pass LD_LIBRARY_PATH from the plugin to the java process.
        While libnss3.so gets loaded from /usr/lib, the dependent libraries
        are loaded from MOZILLA_FIVE_HOME (See #561216 for the wrong firefox
        config). LP: #561124.
        Closes as well: LP: #551328, #554909, #560829, #549010, #553452.
      * Always build shark with hs14.
     -- Matthias Klose <email address hidden>   Wed, 14 Apr 2010 01:53:33 +0200