Format: 1.8
Date: Tue, 30 Mar 2010 23:07:56 +0000
Source: sun-java6
Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-javadb
Architecture: ia64
Version: 6.19-0ubuntu1
Distribution: lucid
Urgency: low
Maintainer: Ubuntu/ia64 Build Daemon <buildd@hooker.buildd>
Changed-By: Matthias Klose <doko@canonical.com>
Description: 
 ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit)
 ia32-sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 (32-bit)
 sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent
 sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples
 sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE)
 sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby
 sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6
 sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen
 sun-java6-plugin - The Java(TM) Plug-in, Java SE 6
 sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files
Changes: 
 sun-java6 (6.19-0ubuntu1) lucid; urgency=low
 .
   * New upstream version.
   * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
     - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299).
     - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors
       if run with -Xcomp (6894807).
     - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability
       (6899653).
     - (CVE-2010-0082): Loader-constraint table allows arrays instead of
       only the base-classes (6626217).
     - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret
       network addresses (6893954) [ZDI-CAN-603].
     - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390).
     - (CVE-2010-0091): Unsigned applet can retrieve the dragged information
       before drop action occurs (6887703).
     - (CVE-2010-0088): Inflater/Deflater clone issues (6745393).
     - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains
       (6633872).
     - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR
       error (6888149).
     - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should
       enforce stricter checks (6893947) [ZDI-CAN-588].
     - (CVE-2010-0093): System.arraycopy unable to reference elements
       beyond Integer.MAX_VALUE bytes (6892265).
     - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation
       Vulnerability (6904691).
     - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823).
     - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability
       (6914866).
     - (CVE-2009-3555): TLS: MITM attacks via session renegotiation.
     - 6639665: ThreadGroup finalizer allows creation of false root
       ThreadGroups.
     - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly.
       encoded CommonName OIDs.
     - 6910590: Application can modify command array in ProcessBuilder.
     - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability.
     - 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
     - 6898739: TLS renegotiation issue.
Checksums-Sha1: 
 1314c327babd1647bbe228a71d39adc61bd093fa 29437988 ia32-sun-java6-bin_6.19-0ubuntu1_ia64.deb
Checksums-Sha256: 
 741ed4e8dd7ab70dd2e4c40cc8e3b5f3ac728eceebb9345ee116b64814d34e89 29437988 ia32-sun-java6-bin_6.19-0ubuntu1_ia64.deb
Files: 
 52796aa481a677e5ef36c7bd66ec4cd4 29437988 partner/java optional ia32-sun-java6-bin_6.19-0ubuntu1_ia64.deb