sun-java6 (6.22-0ubuntu1~10.04) lucid; urgency=low * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2010-3556): JDK unspecified vulnerability in 2D component - (CVE-2010-3562): JDK IndexColorModel double-free - (CVE-2010-3565): JDK JPEG writeImage remote code execution - (CVE-2010-3566): JDK ICC Profile remote code execution - (CVE-2010-3567): Crash in ICU Opentype layout engine due to mismatch in character counts - (CVE-2010-3571): JDK unspecified vulnerability in 2D component - (CVE-2010-3554): JDK corba reflection vulnerabilities - (CVE-2010-3563): JDK unspecified vulnerability in Deployment component - (CVE-2010-3568): JDK Deserialization Race condition - (CVE-2010-3569): JDK Serialization inconsistencies - (CVE-2010-3558): JDK unspecified vulnerability in Java Web Start component - (CVE-2010-3552): JDK unspecified vulnerability in New Java Plugin component - (CVE-2010-3559): JDK unspecified vulnerability in Sound component - (CVE-2010-3572): JDK unspecified vulnerability in Sound component - (CVE-2010-3553): UIDefault.ProxyLazyValue has unsafe reflection usage - (CVE-2010-3555): JDK unspecified vulnerability in Deployment component - (CVE-2010-3550): JDK unspecified vulnerability in Java Web Start component - (CVE-2010-3570): JDK unspecified vulnerability in Deployment Toolkit - (CVE-2010-3561): Privileged ServerSocket.accept allows receiving connections from any host - (CVE-2009-3555): TLS: MITM attacks via session renegotiation - (CVE-2010-1321): krb5: null pointer dereference in GSS-API library leads to DoS - (CVE-2010-3549): HttpURLConnection chunked encoding issue (Http request splitting) - (CVE-2010-3557): JDK Swing mutable static - (CVE-2010-3541): limit setting of some request headers in HttpURLConnection - (CVE-2010-3573): limit HTTP request cookie headers in HttpURLConnection - (CVE-2010-3574): limit use of TRACE method in HttpURLConnection - (CVE-2010-3548): JDK DNS server IP address information leak - (CVE-2010-3551): NetworkInterface reveals local network address to untrusted code - (CVE-2010-3560): JDK unspecified vulnerability in Networking component
Date: Fri, 15 Oct 2010 16:05:20 +0200 Changed-By: Matthias Klose <d...@ubuntu.com> Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Signed-By: Matthias Klose <matthias.kl...@canonical.com> https://launchpad.net/ubuntu/lucid/+source/sun-java6/6.22-0ubuntu1~10.04
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 15 Oct 2010 16:05:20 +0200 Source: sun-java6 Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-javadb Architecture: source Version: 6.22-0ubuntu1~10.04 Distribution: lucid Urgency: low Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Matthias Klose <d...@ubuntu.com> Description: ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit) ia32-sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 (32-bit) sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE) sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6 sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files Changes: sun-java6 (6.22-0ubuntu1~10.04) lucid; urgency=low . * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2010-3556): JDK unspecified vulnerability in 2D component - (CVE-2010-3562): JDK IndexColorModel double-free - (CVE-2010-3565): JDK JPEG writeImage remote code execution - (CVE-2010-3566): JDK ICC Profile remote code execution - (CVE-2010-3567): Crash in ICU Opentype layout engine due to mismatch in character counts - (CVE-2010-3571): JDK unspecified vulnerability in 2D component - (CVE-2010-3554): JDK corba reflection vulnerabilities - (CVE-2010-3563): JDK unspecified vulnerability in Deployment component - (CVE-2010-3568): JDK Deserialization Race condition - (CVE-2010-3569): JDK Serialization inconsistencies - (CVE-2010-3558): JDK unspecified vulnerability in Java Web Start component - (CVE-2010-3552): JDK unspecified vulnerability in New Java Plugin component - (CVE-2010-3559): JDK unspecified vulnerability in Sound component - (CVE-2010-3572): JDK unspecified vulnerability in Sound component - (CVE-2010-3553): UIDefault.ProxyLazyValue has unsafe reflection usage - (CVE-2010-3555): JDK unspecified vulnerability in Deployment component - (CVE-2010-3550): JDK unspecified vulnerability in Java Web Start component - (CVE-2010-3570): JDK unspecified vulnerability in Deployment Toolkit - (CVE-2010-3561): Privileged ServerSocket.accept allows receiving connections from any host - (CVE-2009-3555): TLS: MITM attacks via session renegotiation - (CVE-2010-1321): krb5: null pointer dereference in GSS-API library leads to DoS - (CVE-2010-3549): HttpURLConnection chunked encoding issue (Http request splitting) - (CVE-2010-3557): JDK Swing mutable static - (CVE-2010-3541): limit setting of some request headers in HttpURLConnection - (CVE-2010-3573): limit HTTP request cookie headers in HttpURLConnection - (CVE-2010-3574): limit use of TRACE method in HttpURLConnection - (CVE-2010-3548): JDK DNS server IP address information leak - (CVE-2010-3551): NetworkInterface reveals local network address to untrusted code - (CVE-2010-3560): JDK unspecified vulnerability in Networking component Checksums-Sha1: 1db0387a8d08cc80c7a22ec9f6d3f13e780a6607 1714 sun-java6_6.22-0ubuntu1~10.04.dsc d6f0032323ed0bd7fc00d86776920a48bebe84ba 165194956 sun-java6_6.22.orig.tar.gz 35577a75293303aca576880524d810579f4bd77f 87514 sun-java6_6.22-0ubuntu1~10.04.debian.tar.gz Checksums-Sha256: b49948b77df4efabe36d94e2c871a7ea4e4140b103f310cbb1318727dcaea67b 1714 sun-java6_6.22-0ubuntu1~10.04.dsc 6c144a6524cb811ab4fa67ea857474d231c77222088166660b3957ed6dc1678c 165194956 sun-java6_6.22.orig.tar.gz 1d38c18c4fece1d0af8fad0d01a07def32c68d5b86c054cf55ddc122a3c9d876 87514 sun-java6_6.22-0ubuntu1~10.04.debian.tar.gz Files: 1a491d77a286cd4c703edd184b57dde2 1714 partner/java optional sun-java6_6.22-0ubuntu1~10.04.dsc 981bd97edf98849f108df9d3d40352bb 165194956 partner/java optional sun-java6_6.22.orig.tar.gz 5f01b5103528d2208266a2a620dc5614 87514 partner/java optional sun-java6_6.22-0ubuntu1~10.04.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAky5deMACgkQStlRaw+TLJzgnQCeIbkx1rsqRBQKfUE5zLk+3Y6x MZYAoMKC+gVnbsi/ae8NGs2lX9ohbdaI =DVzn -----END PGP SIGNATURE-----
-- Lucid-changes mailing list Lucid-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes