Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

the version 6.24-1 of the package contains important security related bugfixes. I would take 6.24-1 from unstable and build a version 6.24-1~squeeze1 for stable. All the changes in the unstable package are safe for stable. I am attaching a source package diff between 6.22-1 ... 6.24-1.

Cheers,
Torsten

Index: debian/control =================================================================== --- debian/control (Revision 13028) +++ debian/control (Revision 13328) @@ -4,11 +4,11 @@ Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Uploaders: Sylvestre Ledru <sylves...@debian.org>, Torsten Werner <twer...@debian.org> Build-Depends: debhelper (>= 5.0.51~), lsb-release, po-debconf, defoma, unzip, bzip2, patch, libasound2, unixodbc, libx11-6, libxext6, libxi6, libxp6, libxt6, libxtst6, lib32asound2 [amd64], ia32-libs [amd64 ia64] -Standards-Version: 3.8.4 +Standards-Version: 3.9.1 Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/sun-java6 Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/sun-java6 XS-Autobuild: yes -Homepage: https://jdk-distros.dev.java.net +Homepage: http://jdk-distros.java.net/ Package: sun-java6-jre Section: non-free/java 
@@ -57,7 +57,7 @@ Architecture: amd64 i386 lpia Section: non-free/web Priority: optional -Depends: ${shlibs:Depends}, ${misc:Depends}, sun-java6-bin (>= ${source:Version}), firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori +Depends: ${shlibs:Depends}, ${misc:Depends}, sun-java6-bin (>= ${source:Version}), firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori | google-chrome Xb-Npp-Applications: ec8030f7-c20a-464f-9b0e-13a3a9e97384, 92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a Xb-Npp-Name: The Java(TM) Plug-in, Java SE 6 Xb-Npp-MimeType: application/x-java-vm, application/x-java-applet, application/x-java-applet;version=1.1, application/x-java-applet;version=1.1.1, application/x-java-applet;version=1.1.2, application/x-java-applet;version=1.1.3, application/x-java-applet;version=1.2, application/x-java-applet;version=1.2.1, application/x-java-applet;version=1.2.2, application/x-java-applet;version=1.3, application/x-java-applet;version=1.3.1, application/x-java-applet;version=1.4, application/x-java-applet;version=1.4.1, application/x-java-applet;version=1.4.2, application/x-java-applet;version=1.5, application/x-java-applet;version=1.6, application/x-java-applet;jpi-version=1.6.0_07, application/x-java-bean, application/x-java-bean;version=1.1, application/x-java-bean;version=1.1.1, application/x-java-bean;version=1.1.2, application/x-java-bean;version=1.1.3, application/x-java-bean;version=1.2, application/x-java-bean;version=1.2.1, application/x-java-bean;version=1.2.2, application/x-java-bean;version=1.3, application/x-java-bean;version=1.3.1, application/x-java-bean;version=1.4, 
application/x-java-bean;version=1.4.1, application/x-java-bean;version=1.4.2, application/x-java-bean;version=1.5, application/x-java-bean;version=1.6, application/x-java-bean;jpi-version=1.6.0_07 @@ -89,7 +89,7 @@ Architecture: amd64 ia64 Section: non-free/web Priority: optional -Depends: ${shlibs:Depends}, ${misc:Depends}, ia32-sun-java6-bin (>= ${source:Version}), firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori +Depends: ${shlibs:Depends}, ${misc:Depends}, ia32-sun-java6-bin (>= ${source:Version}), firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori | google-chrome Description: The Java(TM) Plug-in, Java SE 6 (32-bit) Java Plug-in enables applets written to the Java Platform 6 specification to be run in Mozilla and other web browsers. Index: debian/control.in =================================================================== --- debian/control.in (Revision 13028) +++ debian/control.in (Revision 13328) 
@@ -4,11 +4,11 @@ Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Uploaders: Sylvestre Ledru <sylves...@debian.org>, Torsten Werner <twer...@debian.org> Build-Depends: debhelper (>= 5.0.51~), lsb-release, po-debconf, defoma, unzip, bzip2, patch, libasound2, unixodbc, libx11-6, libxext6, libxi6, libxp6, libxt6, libxtst6, lib32asound2 [amd64], ia32-libs [amd64 ia64] -Standards-Version: 3.8.4 +Standards-Version: 3.9.1 Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/sun-java6 Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/sun-java6 XS-Autobuild: yes -Homepage: https://jdk-distros.dev.java.net +Homepage: http://jdk-distros.java.net/ Package: @basename@-jre Section: non-free/java Index: debian/rules =================================================================== --- debian/rules (Revision 13028) +++ debian/rules (Revision 13328) @@ -60,7 +60,7 @@ $(if $(filter $(distribution),Debian),libxul-dev,$(if $(filter $(distrelease),hardy),xulrunner-1.9-dev,firefox-dev)) browser_plugin_dirs = xulrunner-addons firefox iceape iceweasel mozilla midbrowser xulrunner konqueror -browsers = firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori +browsers = firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori | google-chrome # FIXME: xulrunner-addons only tested on sid, jaunty, karmic ifeq ($(distribution),Ubuntu) 
@@ -315,8 +315,8 @@ exit 1; \ fi -diff_ignore = -I 'Tuesday, June 22' \ - -I 'Tue Jun 22' -I '^ *// java GenerateCharacter' +diff_ignore = -I 'Wednesday, February 2' \ + -I 'Wed Feb 02' -I '^ *// java GenerateCharacter' with_check = yes Index: debian/changelog =================================================================== --- debian/changelog (Revision 13028) +++ debian/changelog (Revision 13328) 
@@ -1,3 +1,55 @@ +sun-java6 (6.24-1) unstable; urgency=high + + * New upstream release + * Watch file added + * Homepage updated to http://jdk-distros.java.net/ + * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: + - (CVE-2010-4476): Java Runtime Environment hangs when converting + "2.2250738585072012e-308" to a binary floating-point number. + - (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code + Execution Vulnerability + - (CVE-2010-4454): Vulnerability allows successful unauthenticated network + attacks via multiple protocols. + - (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability + - (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution + Vulnerability + - (CVE-2010-4465): Swing timer-based security manager bypass + - (CVE-2010-4467): Vulnerability allows successful unauthenticated network + attacks via multiple protocols. + - (CVE-2010-4469): Hotspot backward jsr heap corruption + - (CVE-2010-4473): Vulnerability allows successful unauthenticated network + attacks via multiple protocols. + - (CVE-2010-4422): Vulnerability allows successful unauthenticated network + attacks via multiple protocols. + - (CVE-2010-4451): Vulnerability allows successful unauthenticated network + attacks via HTTP. + - (CVE-2010-4466): Runtime NTLM Authentication Information Leakage + Vulnerability + - (CVE-2010-4470): JAXP untrusted component state manipulation + - (CVE-2010-4471): Java2D font-related system property leak + - (CVE-2010-4447): Vulnerability allows successful unauthenticated network + attacks via multiple protocols. + - (CVE-2010-4475): vulnerability allows successful unauthenticated network + attacks via multiple protocols. 
+ - (CVE-2010-4468): DNS cache poisoning by untrusted applets + - (CVE-2010-4450): Launcher incorrect processing of empty library path + entries + - (CVE-2010-4448): DNS cache poisoning by untrusted applets + - (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N + implementation + - (CVE-2010-4474): Easily exploitable vulnerability requiring logon to + Operating System. + + -- Sylvestre Ledru <sylves...@debian.org> Wed, 16 Feb 2011 00:46:20 +0100 + +sun-java6 (6.23-1) unstable; urgency=low + + * New upstream release + * Add 'google-chrome' as Depends of sun-java6-plugin (Closes: #607455) + * Standards-Version updated to version 3.9.1 + + -- Sylvestre Ledru <sylves...@debian.org> Wed, 09 Feb 2011 01:23:20 +0100 + sun-java6 (6.22-1) unstable; urgency=low [ Torsten Werner ]
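
Review bot: the Homepage line in the first hunk of debian/control, and the matching hunk of debian/control.in, drops from an https:// URL to a plain http:// one ("-Homepage: https://jdk-distros.dev.java.net" becomes "+Homepage: http://jdk-distros.java.net/"). If the new host answers over TLS, keep the https scheme so the link published in the package metadata is not a cleartext one. The Standards-Version bump from 3.8.4 to 3.9.1 in the same hunk is unrelated to the security fixes; the request should state that it carries no packaging change relevant to stable.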
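
Review bot: the "| google-chrome" alternative appended to Depends in both plugin stanzas of debian/control (hunks at -57,7 and -89,7) and to "browsers" in debian/rules (hunk at -60,7) is the 6.23-1 feature change (Closes: #607455 in the changelog), not part of the security update. As a trailing alternative it only widens the set of packages that satisfy the dependency, but the request should list it separately from the security fixes so it can be judged on its own. The identical list now appears twice in debian/control and once in debian/rules; if debian/control is generated from debian/control.in and the "browsers" variable, say so, otherwise the copies can drift.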
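
Review bot: in the debian/rules hunk at -315,8 the -I patterns of diff_ignore hard-code the date strings 'Wednesday, February 2' and 'Wed Feb 02' in place of 'Tuesday, June 22' and 'Tue Jun 22', with no comment saying where the date comes from or what breaks when it is stale while "with_check = yes" is set. Add a comment above diff_ignore naming the source of the date, or derive both strings from one variable so a new upstream release needs a single edit. The day is written "2" in one pattern and "02" in the other; note in the comment that both forms are intended.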
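
Review bot: the top stanza added to debian/changelog is "sun-java6 (6.24-1) unstable; urgency=high", but the request proposes uploading 6.24-1~squeeze1 to stable and the diff has no entry for that version or distribution. Add a separate stanza for the stable rebuild on top of this one. In the CVE list, CVE-2010-4452 and CVE-2010-4462 carry the same "XGetSamplePtrFromSnd Remote Code Execution Vulnerability" description, and CVE-2010-4468 and CVE-2010-4448 are both "DNS cache poisoning by untrusted applets"; check each pair against the upstream advisory, since two distinct identifiers with identical text looks like a copy-and-paste slip.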