sun-java6 (6.19-0ubuntu1) lucid; urgency=low
* New upstream version.
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299).
- (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors
if run with -Xcomp (6894807).
- (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability
(6899653).
- (CVE-2010-0082): Loader-constraint table allows arrays instead of
only the base-classes (6626217).
- (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret
network addresses (6893954) [ZDI-CAN-603].
- (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390).
- (CVE-2010-0091): Unsigned applet can retrieve the dragged information
before drop action occurs (6887703).
- (CVE-2010-0088): Inflater/Deflater clone issues (6745393).
- (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains
(6633872).
- (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR
error (6888149).
- (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should
enforce stricter checks (6893947) [ZDI-CAN-588].
- (CVE-2010-0093): System.arraycopy unable to reference elements
beyond Integer.MAX_VALUE bytes (6892265).
- (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation
Vulnerability (6904691).
- (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823).
- (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability
(6914866).
- (CVE-2009-3555): TLS: MITM attacks via session renegotiation.
- 6639665: ThreadGroup finalizer allows creation of false root
ThreadGroups.
- 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly.
encoded CommonName OIDs.
- 6910590: Application can modify command array in ProcessBuilder.
- 6909597: JPEGImageReader stepX Integer Overflow Vulnerability.
- 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
- 6898739: TLS renegotiation issue.
Date: Tue, 30 Mar 2010 23:07:56 +0000
Changed-By: Matthias Klose <d...@canonical.com>
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Signed-By: Matthias Klose <matthias.kl...@canonical.com>
https://launchpad.net/ubuntu/lucid/+source/sun-java6/6.19-0ubuntu1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 30 Mar 2010 23:07:56 +0000
Source: sun-java6
Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin
ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo
sun-java6-source sun-java6-javadb
Architecture: source
Version: 6.19-0ubuntu1
Distribution: lucid
Urgency: low
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Matthias Klose <d...@canonical.com>
Description:
ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit)
ia32-sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 (32-bit)
sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture
dependent
sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples
sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE)
sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby
sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6
sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture
independen
sun-java6-plugin - The Java(TM) Plug-in, Java SE 6
sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files
Changes:
sun-java6 (6.19-0ubuntu1) lucid; urgency=low
.
* New upstream version.
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299).
- (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors
if run with -Xcomp (6894807).
- (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability
(6899653).
- (CVE-2010-0082): Loader-constraint table allows arrays instead of
only the base-classes (6626217).
- (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret
network addresses (6893954) [ZDI-CAN-603].
- (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390).
- (CVE-2010-0091): Unsigned applet can retrieve the dragged information
before drop action occurs (6887703).
- (CVE-2010-0088): Inflater/Deflater clone issues (6745393).
- (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains
(6633872).
- (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR
error (6888149).
- (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should
enforce stricter checks (6893947) [ZDI-CAN-588].
- (CVE-2010-0093): System.arraycopy unable to reference elements
beyond Integer.MAX_VALUE bytes (6892265).
- (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation
Vulnerability (6904691).
- (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823).
- (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability
(6914866).
- (CVE-2009-3555): TLS: MITM attacks via session renegotiation.
- 6639665: ThreadGroup finalizer allows creation of false root
ThreadGroups.
- 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly.
encoded CommonName OIDs.
- 6910590: Application can modify command array in ProcessBuilder.
- 6909597: JPEGImageReader stepX Integer Overflow Vulnerability.
- 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
- 6898739: TLS renegotiation issue.
Checksums-Sha1:
a22e9a0a20458cd0edc36bf355764be87e024619 1626 sun-java6_6.19-0ubuntu1.dsc
32559c3b5339d1dff20e1c0c985730858e8353e5 167178948 sun-java6_6.19.orig.tar.gz
4d112c54f37276720211109ed4d3993692285b9a 84864 sun-java6_6.19-0ubuntu1.diff.gz
Checksums-Sha256:
04f968ad5b2f375a31e9a19e8e3cc1ffda4c94997c1667a74363e02885f6bad1 1626
sun-java6_6.19-0ubuntu1.dsc
35e000e7caee8735ef5111ea9408c2890178935879d2d12b5d8920d377f7b075 167178948
sun-java6_6.19.orig.tar.gz
cf789eb48184bb0620a7eba495971a86fc65ec37dc61b63a987555233daa6d1f 84864
sun-java6_6.19-0ubuntu1.diff.gz
Files:
db156b4e40eb998ec8171415e3dc006c 1626 partner/java optional
sun-java6_6.19-0ubuntu1.dsc
aeabf58432479385e09ca43b952f3290 167178948 partner/java optional
sun-java6_6.19.orig.tar.gz
c499fe00c66ff57e45589ad71d453644 84864 partner/java optional
sun-java6_6.19-0ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkuymVoACgkQStlRaw+TLJzNfQCcDVpV53DWqGD9ZhZPx2v/X2ey
GaQAoJ2EQAlzgvg2xuwsDPdfIu4MI7ax
=5VKw
-----END PGP SIGNATURE-----
--
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lucid-changes
