Change log for openjdk-6b18 package in Ubuntu
1 → 34 of 34 results | First • Previous • Next • Last |
openjdk-6b18 (6b18-1.8.13-0ubuntu1~10.04.1) lucid-security; urgency=low * SECURITY UPDATE: update to IcedTea 6 1.8.13 - Security fixes: - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server - Bug fixes: - S7102369, RH751203: remove java.rmi.server.codebase property parsing from registyimpl - S7094468, RH751203: rmiregistry clean up - S6851973, PR830: ignore incoming channel binding if acceptor does not set one * drop debian/patches/openjdk-7103725-ssl_beast_regression.patch as it's included in the upstream release. -- Steve Beattie <email address hidden> Tue, 21 Feb 2012 14:35:02 -0800
Available diffs
openjdk-6b18 (6b18-1.8.13-0ubuntu1~10.10.1) maverick-security; urgency=low * SECURITY UPDATE: update to IcedTea 6 1.8.13 - Security fixes: - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server - Bug fixes: - S7102369, RH751203: remove java.rmi.server.codebase property parsing from registyimpl - S7094468, RH751203: rmiregistry clean up - S6851973, PR830: ignore incoming channel binding if acceptor does not set one * drop debian/patches/openjdk-7103725-ssl_beast_regression.patch as it's included in the upstream release. -- Steve Beattie <email address hidden> Tue, 21 Feb 2012 12:28:09 -0800
Available diffs
openjdk-6b18 (6b18-1.8.13-0ubuntu1~11.04.1) natty-security; urgency=low * SECURITY UPDATE: update to IcedTea 6 1.8.13 - Security fixes: - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - S7110704, CVE-2012-0506: Issues with some method in corba - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server - Bug fixes: - S7102369, RH751203: remove java.rmi.server.codebase property parsing from registyimpl - S7094468, RH751203: rmiregistry clean up - S6851973, PR830: ignore incoming channel binding if acceptor does not set one * drop debian/patches/openjdk-7103725-ssl_beast_regression.patch as it's included in the upstream release. -- Steve Beattie <email address hidden> Tue, 21 Feb 2012 10:39:17 -0800
Available diffs
openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.04.3) lucid-security; urgency=low * debian/patches/openjdk-7103725-ssl_beast_regression.patch: Add regression fix for broken ssl connectivity when using TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761) -- Steve Beattie <email address hidden> Fri, 20 Jan 2012 16:40:50 -0800
Available diffs
openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.10.3) maverick-security; urgency=low * debian/patches/openjdk-7103725-ssl_beast_regression.patch: Add regression fix for broken ssl connectivity when using TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761) -- Steve Beattie <email address hidden> Fri, 20 Jan 2012 15:41:49 -0800
Available diffs
openjdk-6b18 (6b18-1.8.10-0ubuntu1~11.04.2) natty-security; urgency=low * debian/patches/openjdk-7103725-ssl_beast_regression.patch: Add regression fix for broken ssl connectivity when using TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761) -- Steve Beattie <email address hidden> Fri, 20 Jan 2012 15:26:34 -0800
Available diffs
openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.04.2) lucid-security; urgency=low * SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw - debian/patches/SOP-bypass-icedtea6-1.8.patch: Remove special case for SocketPermission. - CVE-2011-3377 - Applied inline due to needing to apply patches only once for netx, not for every vm
Available diffs
openjdk-6b18 (6b18-1.8.10-0ubuntu1~10.10.2) maverick-security; urgency=low * SECURITY UPDATE: Same Origin Policy (SOP) bypass flaw - debian/patches/SOP-bypass-icedtea6-1.8.patch: Remove special case for SocketPermission. - CVE-2011-3377 - Applied inline due to needing to apply patches only once for netx, not for every vm build.
Available diffs
openjdk-6b18 (6b18-1.8.10-0ubuntu1~11.04.1) natty-security; urgency=low * SECURITY UPDATE: IcedTea6 1.8.10 release (LP: #878684) - security fixes: - S7000600, CVE-2011-3547: InputStream skip() information leak - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow - S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine - S7055902, CVE-2011-3521: IIOP deserialization code execution - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) - S7077466, CVE-2011-3556: RMI DGC server remote code execution - S7083012, CVE-2011-3557: RMI registry privileged code execution - S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection -- Steve Beattie <email address hidden> Thu, 27 Oct 2011 09:21:56 -0700
Available diffs
openjdk-6b18 (6b18-1.8.8-0ubuntu1~10.04.2+1.8.9) lucid-security; urgency=low * SECURITY UPDATE: information disclosure - IcedTea 1.8.9 release: + debian/patches/cache-directory-exposed-it6-1.9.patch: don't allow unsigned web start applications/applets determine the location of the netx cache directory + CVE-2011-2513 + applied inline due to no natty update (icedtea-web is separate there) * netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java: remove Override attributes per http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=764 -- Steve Beattie <email address hidden> Mon, 25 Jul 2011 21:00:13 -0700
Available diffs
openjdk-6b18 (6b18-1.8.8-0ubuntu1~10.10.2+1.8.9) maverick-security; urgency=low * SECURITY UPDATE: information disclosure - IcedTea 1.8.9 release: + debian/patches/cache-directory-exposed-it6-1.9.patch: don't allow unsigned web start applications/applets determine the location of the netx cache directory + CVE-2011-2513 + applied inline due to no natty update (icedtea-web is separate there) * netx/net/sourceforge/jnlp/runtime/CachedJarFileCallback.java: remove Override attributes per http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=764 -- Steve Beattie <email address hidden> Mon, 25 Jul 2011 17:44:43 -0700
Available diffs
openjdk-6b18 (6b18-1.8.8-0ubuntu1~10.04.1) lucid-security; urgency=low * SECURITY UPDATE: IcedTea6 1.8.8 release. - S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - S6618658, CVE-2011-0865: Vulnerability in deserialization - S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() - S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - S7013971, CVE-2011-0869: Vulnerability in SAAJ - S7016340, CVE-2011-0870: Vulnerability in SAAJ - S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables * Backport CACAO updates from the 6-1.10 branch. * debian/generate_debian_orig.sh: adjust settings to match the generation of this update. * debian/rules: debian/patches/hotspot-fix_added_define.patch; applied upstream -- Steve Beattie <email address hidden> Sat, 11 Jun 2011 08:30:25 -0700
Available diffs
openjdk-6b18 (6b18-1.8.8-0ubuntu1~10.10.1) maverick-security; urgency=low * SECURITY UPDATE: IcedTea6 1.8.8 release. - S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - S6618658, CVE-2011-0865: Vulnerability in deserialization - S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() - S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - S7013971, CVE-2011-0869: Vulnerability in SAAJ - S7016340, CVE-2011-0870: Vulnerability in SAAJ - S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables * Backport CACAO updates from the 6-1.10 branch. * debian/generate_debian_orig.sh: adjust settings to match the generation of this update. * debian/rules: debian/patches/hotspot-fix_added_define.patch; applied upstream -- Steve Beattie <email address hidden> Sat, 11 Jun 2011 08:29:51 -0700
Available diffs
Deleted in precise-release (Reason: openjdk-6b18 was provided for armel. openjdk-6 now builds...) |
Obsolete in oneiric-release |
Superseded in natty-updates |
Superseded in natty-security |
openjdk-6b18 (6b18-1.8.8-0ubuntu1~11.04.1) natty-security; urgency=low * SECURITY UPDATE: - S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - S6618658, CVE-2011-0865: Vulnerability in deserialization - S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() - S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - S7013971, CVE-2011-0869: Vulnerability in SAAJ - S7016340, CVE-2011-0870: Vulnerability in SAAJ - S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables * debian/generate_debian_orig.sh: adjust settings to match the generation of this update. -- Steve Beattie <email address hidden> Fri, 10 Jun 2011 14:21:03 -0700
Available diffs
openjdk-6b18 (6b18-1.8.8~pre1-0ubuntu1) natty; urgency=low * Update Icedtea6 from the 6-1.8 branch (20110325). * Backport JamVM and CACAO updates from the 6-1.10 branch. * Add multiarch directories to the default library path. -- Matthias Klose <email address hidden> Fri, 25 Mar 2011 15:41:11 +0100
Available diffs
openjdk-6b18 (6b18-1.8.7-0ubuntu2.1) maverick-security; urgency=low [ Matthias Klose ] * IcedTea6 1.8.7 release. - S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption. - S6907662, CVE-2010-4465: Swing timer-based security manager bypass. - S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation. - S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets. - S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries. - S6985453, CVE-2010-4471: Java2D font-related system property leak. - S6927050, CVE-2010-4470: JAXP untrusted component state manipulation. - CVE-2011-0706: Multiple signers privilege escalation. * IcedTea6 1.8.6 release. - S4421494, CVE-2010-4476: infinite loop while parsing double literal. [ Steve Beattie ] * debian/patches/hotspot-fix_added_define.patch: added to fix redefinition added by patch for S6878713 -- Steve Beattie <email address hidden> Mon, 14 Mar 2011 15:37:03 -0700
Available diffs
openjdk-6b18 (6b18-1.8.7-0ubuntu1~9.10.1) karmic-security; urgency=low [ Matthias Klose ] * IcedTea6 1.8.7 release. - S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption. - S6907662, CVE-2010-4465: Swing timer-based security manager bypass. - S6994263, CVE-2010-4472: Untrusted code allowed to replace DSIG/C14N implementation. - S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets. - S6983554, CVE-2010-4450: Launcher incorrect processing of empty library path entries. - S6985453, CVE-2010-4471: Java2D font-related system property leak. - S6927050, CVE-2010-4470: JAXP untrusted component state manipulation. - CVE-2011-0706: Multiple signers privilege escalation. * IcedTea6 1.8.6 release. - S4421494, CVE-2010-4476: infinite loop while parsing double literal. [ Steve Beattie ] * debian/patches/hotspot-fix_added_define.patch: added to fix redefinition added by patch for S6878713 -- Steve Beattie <email address hidden> Wed, 09 Mar 2011 09:24:36 -0800
Available diffs
openjdk-6b18 (6b18-1.8.7-0ubuntu1~10.04.2) lucid-security; urgency=low * Rebuild after pulling binutils and gcj-4.4 from lucid-updates to lucid-security to fix FTBFS * debian/patches/hotspot-fix_added_define.patch: added to fix redefinition added by patch for S6878713 -- Steve Beattie <email address hidden> Sat, 05 Mar 2011 06:01:33 -0800
Available diffs
Superseded in natty-release |
openjdk-6b18 (6b18-1.8.7-0ubuntu5) natty; urgency=low * icedtea-6-jre-jamvm: Build JamVM as an alternative VM, start with `java -jamvm'. -- Matthias Klose <email address hidden> Thu, 03 Mar 2011 07:39:45 +0100
Available diffs
Superseded in natty-release |
openjdk-6b18 (6b18-1.8.7-0ubuntu4) natty; urgency=low * Backport fix for PR632 from the IcedTea6 trunk. -- Matthias Klose <email address hidden> Thu, 03 Mar 2011 07:39:45 +0100
Available diffs
Superseded in natty-release |
openjdk-6b18 (6b18-1.8.7-0ubuntu3) natty; urgency=low * Remove obsolete patch.
Available diffs
Superseded in natty-release |
openjdk-6b18 (6b18-1.8.7-0ubuntu2) natty; urgency=low * Browser plugin and Webstart are built from icedtea-web. LP: #726845.
Available diffs
openjdk-6b18 (6b18-1.8.5-0ubuntu1~9.10.1) karmic-security; urgency=low * IcedTea6 1.8.5 release. - CVE-2011-0025: IcedTea jarfile signature verification bypass. -- Steve Beattie <email address hidden> Thu, 27 Jan 2011 11:00:24 -0800
Available diffs
openjdk-6b18 (6b18-1.8.5-0ubuntu1) maverick-security; urgency=low * IcedTea6 1.8.5 release. - CVE-2011-0025: IcedTea jarfile signature verification bypass. - CVE-2010-4351: IcedTea JNLP SecurityManager bypass. -- Matthias Klose <email address hidden> Thu, 27 Jan 2011 10:30:52 +0100
Available diffs
openjdk-6b18 (6b18-1.8.5-0ubuntu1~10.04.1) lucid-security; urgency=low * IcedTea6 1.8.5 release. - CVE-2011-0025: IcedTea jarfile signature verification bypass. -- Matthias Klose <email address hidden> Thu, 27 Jan 2011 10:30:52 +0100
Available diffs
openjdk-6b18 (6b18-1.8.4-0ubuntu1~9.10.1) karmic-security; urgency=low * IcedTea6 1.8.4 release. - Fix CVE-2010-4351: IcedTea JNLP SecurityManager bypass. -- Matthias Klose <email address hidden> Fri, 07 Jan 2011 11:40:12 +0100
Available diffs
Superseded in lucid-security |
openjdk-6b18 (6b18-1.8.4-0ubuntu1~10.04.1) lucid-security; urgency=low * IcedTea6 1.8.4 release. - Fix CVE-2010-4351: IcedTea JNLP SecurityManager bypass. -- Matthias Klose <email address hidden> Fri, 07 Jan 2011 11:40:12 +0100
Available diffs
Superseded in natty-release |
openjdk-6b18 (6b18-1.8.3-1ubuntu3) natty; urgency=low * Re-add build dependency on fastjar. -- Matthias Klose <email address hidden> Sun, 28 Nov 2010 13:06:30 +0100
Available diffs
Superseded in natty-release |
openjdk-6b18 (6b18-1.8.3-1ubuntu2) natty; urgency=low * Pass --disable-webstart --disable-plugin to the configury. -- Matthias Klose <email address hidden> Sun, 28 Nov 2010 10:35:12 +0100
Available diffs
Superseded in natty-release |
openjdk-6b18 (6b18-1.8.3-1ubuntu1) natty; urgency=low * Stop building NetX and the plugin. * Don't run the shark tests on ARM. -- Matthias Klose <email address hidden> Sun, 28 Nov 2010 09:56:58 +0100
Available diffs
openjdk-6b18 (6b18-1.8.3-0ubuntu1~10.04.1) lucid-security; urgency=low * IcedTea6 1.8.3 release. - CVE-2010-3860: Fix IcedTea System property information leak via public static. * Start metacity using dbus-launch, when running the testsuite. LP: #632594. -- Matthias Klose <email address hidden> Sun, 21 Nov 2010 17:12:01 +0100
Available diffs
openjdk-6b18 (6b18-1.8.3-0ubuntu1) maverick-security; urgency=low * IcedTea6 1.8.3 release. - CVE-2010-3860: Fix IcedTea System property information leak via public static. * Start metacity using dbus-launch, when running the testsuite. LP: #632594. -- Matthias Klose <email address hidden> Sun, 21 Nov 2010 17:12:01 +0100
Available diffs
openjdk-6b18 (6b18-1.8.2-4ubuntu1) maverick-security; urgency=low * Build as separate source, just for armel. * Merge the -lib package into the -jre-headless package.
Available diffs
openjdk-6b18 (6b18-1.8.1-2ubuntu1) maverick; urgency=low * Build as separate source, just for armel. * Merge the -lib package into the -jre-headless package. -- Matthias Klose <email address hidden> Tue, 07 Sep 2010 22:16:41 +0200
1 → 34 of 34 results | First • Previous • Next • Last |