[ubuntu/lucid] sun-java6 6.24-1build0.10.04.1 (Accepted)
Brian Thomason
brian.thomason at canonical.com
Mon Feb 21 22:41:12 UTC 2011
sun-java6 (6.24-1build0.10.04.1) lucid; urgency=low
* Fake sync from Debian
* Changed Section prefix from non-free to partner as sun-java6 resides in
Canonical Partner archive as of Lucid
sun-java6 (6.24-1) unstable; urgency=high
* New upstream release
* Watch file added
* Homepage updated to http://jdk-distros.java.net/
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-4476): Java Runtime Environment hangs when converting
"2.2250738585072012e-308" to a binary floating-point number.
- (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code
Execution Vulnerability
- (CVE-2010-4454): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability
- (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution
Vulnerability
- (CVE-2010-4465): Swing timer-based security manager bypass
- (CVE-2010-4467): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4469): Hotspot backward jsr heap corruption
- (CVE-2010-4473): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4422): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4451): Vulnerability allows successful unauthenticated network
attacks via HTTP.
- (CVE-2010-4466): Runtime NTLM Authentication Information Leakage
Vulnerability
- (CVE-2010-4470): JAXP untrusted component state manipulation
- (CVE-2010-4471): Java2D font-related system property leak
- (CVE-2010-4447): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4475): vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4468): DNS cache poisoning by untrusted applets
- (CVE-2010-4450): Launcher incorrect processing of empty library path
entries
- (CVE-2010-4448): DNS cache poisoning by untrusted applets
- (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N
implementation
- (CVE-2010-4474): Easily exploitable vulnerability requiring logon to
Operating System.
sun-java6 (6.23-1) unstable; urgency=low
* New upstream release
* Add 'google-chrome' as Depends of sun-java6-plugin (Closes: #607455)
* Standards-Version updated to version 3.9.1
Date: Mon, 21 Feb 2011 15:42:33 -0500
Changed-By: Brian Thomason <brian.thomason at canonical.com>
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
https://launchpad.net/ubuntu/lucid/+source/sun-java6/6.24-1build0.10.04.1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 21 Feb 2011 15:42:33 -0500
Source: sun-java6
Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-javadb
Architecture: source
Version: 6.24-1build0.10.04.1
Distribution: lucid
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Brian Thomason <brian.thomason at canonical.com>
Description:
ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit)
ia32-sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 (32-bit)
sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent
sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples
sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE)
sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby
sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6
sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen
sun-java6-plugin - The Java(TM) Plug-in, Java SE 6
sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files
Closes: 607455
Changes:
sun-java6 (6.24-1build0.10.04.1) lucid; urgency=low
.
* Fake sync from Debian
* Changed Section prefix from non-free to partner as sun-java6 resides in
Canonical Partner archive as of Lucid
.
sun-java6 (6.24-1) unstable; urgency=high
.
* New upstream release
* Watch file added
* Homepage updated to http://jdk-distros.java.net/
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-4476): Java Runtime Environment hangs when converting
"2.2250738585072012e-308" to a binary floating-point number.
- (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code
Execution Vulnerability
- (CVE-2010-4454): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability
- (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution
Vulnerability
- (CVE-2010-4465): Swing timer-based security manager bypass
- (CVE-2010-4467): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4469): Hotspot backward jsr heap corruption
- (CVE-2010-4473): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4422): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4451): Vulnerability allows successful unauthenticated network
attacks via HTTP.
- (CVE-2010-4466): Runtime NTLM Authentication Information Leakage
Vulnerability
- (CVE-2010-4470): JAXP untrusted component state manipulation
- (CVE-2010-4471): Java2D font-related system property leak
- (CVE-2010-4447): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4475): vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4468): DNS cache poisoning by untrusted applets
- (CVE-2010-4450): Launcher incorrect processing of empty library path
entries
- (CVE-2010-4448): DNS cache poisoning by untrusted applets
- (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N
implementation
- (CVE-2010-4474): Easily exploitable vulnerability requiring logon to
Operating System.
.
sun-java6 (6.23-1) unstable; urgency=low
.
* New upstream release
* Add 'google-chrome' as Depends of sun-java6-plugin (Closes: #607455)
* Standards-Version updated to version 3.9.1
Checksums-Sha1:
7a925e294f2f9861071b0e3ae8577019c630ecda 1714 sun-java6_6.24-1build0.10.04.1.dsc
f51f1d65555e43b1fd3d4dead86e6022ff215ec0 167431099 sun-java6_6.24.orig.tar.gz
61d5c9279abcf6f2f4e019b1637afbf0191434ad 88316 sun-java6_6.24-1build0.10.04.1.debian.tar.gz
Checksums-Sha256:
2b7d37661f9ee576e76f3f666ed221505c254380fd633222f855bca8e0b93e3a 1714 sun-java6_6.24-1build0.10.04.1.dsc
982fad10cf584fa55781e7bef432fbf69e917a6975cb0a34f0c511ec651cd98a 167431099 sun-java6_6.24.orig.tar.gz
cce1eebf2de6d0b2527069c61b31c451e87b809d17ce2f2c659d51057aa46656 88316 sun-java6_6.24-1build0.10.04.1.debian.tar.gz
Files:
f92af3c2e4c0c92ad49f37f4f81b34c4 1714 partner/java optional sun-java6_6.24-1build0.10.04.1.dsc
3cd597b7d8a15ce1a235f36e4235d0c4 167431099 partner/java optional sun-java6_6.24.orig.tar.gz
2b1dd8b7fa5633c435acc40ca79caecc 88316 partner/java optional sun-java6_6.24-1build0.10.04.1.debian.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1i6OQACgkQOb4zNfJqN5c7iACfXxFzxPoDJyWkwhHvq2MvD9Sd
I3MAnRBmt9pkXQrvOQydvT6m/af1NSdk
=P74q
-----END PGP SIGNATURE-----
More information about the Lucid-changes
mailing list