Ubuntu
sun-java6 package

Change logs for sun-java6 source package in Maverick

  1. Maverick (10.10)
  2. Change log 
  • sun-java6 (6.26-2maverick1) maverick; urgency=low

  * Disable the browser plugin due to security issues.
    - http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
 -- James Westby <email address hidden>   Sat, 10 Dec 2011 13:55:02 -0500
  • sun-java6 (6.26-1maverick1) maverick; urgency=low

  * Initial release of 6.26 for Maverick
 -- Brian Thomason <email address hidden>   Tue, 12 Jul 2011 18:12:51 +0000
  • sun-java6 (6.24-1build0.10.10.1) maverick; urgency=low

  * Fake sync from Debian
  * Changed Section prefix from non-free to partner as sun-java6 resides in
    Canonical Partner archive as of Lucid

sun-java6 (6.24-1) unstable; urgency=high

  * New upstream release
  * Watch file added
  * Homepage updated to http://jdk-distros.java.net/
  * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
    - (CVE-2010-4476): Java Runtime Environment hangs when converting
      "2.2250738585072012e-308" to a binary floating-point number.
    - (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code
                       Execution Vulnerability
    - (CVE-2010-4454): Vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability
    - (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution
                       Vulnerability
    - (CVE-2010-4465): Swing timer-based security manager bypass
    - (CVE-2010-4467): Vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4469): Hotspot backward jsr heap corruption
    - (CVE-2010-4473): Vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4422): Vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4451): Vulnerability allows successful unauthenticated network
                       attacks via HTTP.
    - (CVE-2010-4466): Runtime NTLM Authentication Information Leakage
                       Vulnerability
    - (CVE-2010-4470): JAXP untrusted component state manipulation
    - (CVE-2010-4471): Java2D font-related system property leak
    - (CVE-2010-4447): Vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4475): vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4468): DNS cache poisoning by untrusted applets
    - (CVE-2010-4450): Launcher incorrect processing of empty library path
                       entries
    - (CVE-2010-4448): DNS cache poisoning by untrusted applets
    - (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N
                       implementation
    - (CVE-2010-4474): Easily exploitable vulnerability requiring logon to
                       Operating System.

sun-java6 (6.23-1) unstable; urgency=low

  * New upstream release
  * Add 'google-chrome' as Depends of sun-java6-plugin (Closes: #607455)
  * Standards-Version updated to version 3.9.1
 -- Brian Thomason <email address hidden>   Mon, 21 Feb 2011 15:42:33 -0500
  • sun-java6 (6.22-0ubuntu1~10.10) maverick; urgency=low

  * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
    - (CVE-2010-3556): JDK unspecified vulnerability in 2D component
    - (CVE-2010-3562): JDK IndexColorModel double-free
    - (CVE-2010-3565): JDK JPEG writeImage remote code execution
    - (CVE-2010-3566): JDK ICC Profile remote code execution
    - (CVE-2010-3567): Crash in ICU Opentype layout engine due to mismatch in
                       character counts
    - (CVE-2010-3571): JDK unspecified vulnerability in 2D component
    - (CVE-2010-3554): JDK corba reflection vulnerabilities
    - (CVE-2010-3563): JDK unspecified vulnerability in Deployment component
    - (CVE-2010-3568): JDK Deserialization Race condition
    - (CVE-2010-3569): JDK Serialization inconsistencies
    - (CVE-2010-3558): JDK unspecified vulnerability in Java Web Start component
    - (CVE-2010-3552): JDK unspecified vulnerability in New Java Plugin
                       component
    - (CVE-2010-3559): JDK unspecified vulnerability in Sound component
    - (CVE-2010-3572): JDK unspecified vulnerability in Sound component
    - (CVE-2010-3553): UIDefault.ProxyLazyValue has unsafe reflection usage
    - (CVE-2010-3555): JDK unspecified vulnerability in Deployment component
    - (CVE-2010-3550): JDK unspecified vulnerability in Java Web Start component
    - (CVE-2010-3570): JDK unspecified vulnerability in Deployment Toolkit
    - (CVE-2010-3561): Privileged ServerSocket.accept allows receiving
                       connections from any host
    - (CVE-2009-3555): TLS: MITM attacks via session renegotiation
    - (CVE-2010-1321): krb5: null pointer dereference in GSS-API library leads
                       to DoS
    - (CVE-2010-3549): HttpURLConnection chunked encoding issue (Http request
                       splitting)
    - (CVE-2010-3557): JDK Swing mutable static
    - (CVE-2010-3541): limit setting of some request headers in
                       HttpURLConnection
    - (CVE-2010-3573): limit HTTP request cookie headers in HttpURLConnection
    - (CVE-2010-3574): limit use of TRACE method in HttpURLConnection
    - (CVE-2010-3548): JDK DNS server IP address information leak
    - (CVE-2010-3551): NetworkInterface reveals local network address to
                       untrusted code
    - (CVE-2010-3560): JDK unspecified vulnerability in Networking component
 -- Matthias Klose <email address hidden>   Fri, 15 Oct 2010 16:05:20 +0200
  • sun-java6 (6.21-1ubuntu1) maverick; urgency=low

  * Update Debian packaging to r12837.

sun-java6 (6.21-1) unstable; urgency=low

  * New upstream release
    - There are no security fixes in this release.
  * Update $(bin_pattern) and $(diff_ignore) in debian/rules.
  * Add a lintian override for embedded-libjpeg.
  * Update danish debconf translation; thanks to Joe Dalton. (Closes: #586238)
  * Update japanese debconf translation; thanks to Hideki Yamane.
    (Closes: #580157)
  * Add midori as an alternative to $(browsers) in debian/rules.
    (Closes: #588663)

sun-java6 (6.20-dlj-4) unstable; urgency=low

  * Remove wrong space character for uming.ttc path in fontconfig.properties.
    Thanks to Alberto Alvarez GarcĂ­a.

sun-java6 (6.20-dlj-3) unstable; urgency=low

  * Change Vcs-Svn header to allow anonymous access. (Closes: #478673)
  * Add Recommends: ia32-libs-gtk to package ia32-sun-java6-bin.
    (Closes: #532359)
  * Add a some information to README.Debian that explains how to enable the
    plugin in Iceweasel. (Closes: #541154)
  * Add myself to Uploaders.
  * Add missing changelog entry for CVE-2010-0087 to version 6.19-0ubuntu1.
  * Add missing changelog entry for CVE-2010-1423 to version 6.20-1.

sun-java6 (6.20-dlj-2) unstable; urgency=low

  * Team upload.
  * Update Homepage in d/control.
  * Update italian and spanish debconf translation. (Closes: #560354, #570790)
  * Switch to source format 3.0.
  * Remove files for the old -doc package since we Suggests: openjdk-6-doc.
  * Clean up README.Debian and add some information about using dpkg-divert
    before manually installing JCE policy files. (Closes: #578578)
 -- Matthias Klose <email address hidden>   Thu, 30 Sep 2010 12:39:17 +0200
  • sun-java6 (6.20dlj-1ubuntu3) lucid; urgency=low

  * Fix java-launcher in java.desktop file. LP: #568707.
 -- Matthias Klose <email address hidden>   Fri, 23 Apr 2010 13:41:12 +0200