-
sun-java6 (6.26-2maverick1) maverick; urgency=low
* Disable the browser plugin due to security issues.
- http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
-- James Westby <email address hidden> Sat, 10 Dec 2011 13:55:02 -0500
-
sun-java6 (6.26-1maverick1) maverick; urgency=low
* Initial release of 6.26 for Maverick
-- Brian Thomason <email address hidden> Tue, 12 Jul 2011 18:12:51 +0000
-
sun-java6 (6.24-1build0.10.10.1) maverick; urgency=low
* Fake sync from Debian
* Changed Section prefix from non-free to partner as sun-java6 resides in
Canonical Partner archive as of Lucid
sun-java6 (6.24-1) unstable; urgency=high
* New upstream release
* Watch file added
* Homepage updated to http://jdk-distros.java.net/
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-4476): Java Runtime Environment hangs when converting
"2.2250738585072012e-308" to a binary floating-point number.
- (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code
Execution Vulnerability
- (CVE-2010-4454): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability
- (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution
Vulnerability
- (CVE-2010-4465): Swing timer-based security manager bypass
- (CVE-2010-4467): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4469): Hotspot backward jsr heap corruption
- (CVE-2010-4473): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4422): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4451): Vulnerability allows successful unauthenticated network
attacks via HTTP.
- (CVE-2010-4466): Runtime NTLM Authentication Information Leakage
Vulnerability
- (CVE-2010-4470): JAXP untrusted component state manipulation
- (CVE-2010-4471): Java2D font-related system property leak
- (CVE-2010-4447): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4475): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4468): DNS cache poisoning by untrusted applets
- (CVE-2010-4450): Launcher incorrect processing of empty library path
entries
- (CVE-2010-4448): DNS cache poisoning by untrusted applets
- (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N
implementation
- (CVE-2010-4474): Easily exploitable vulnerability requiring logon to
Operating System.
sun-java6 (6.23-1) unstable; urgency=low
* New upstream release
* Add 'google-chrome' as Depends of sun-java6-plugin (Closes: #607455)
* Standards-Version updated to version 3.9.1
-- Brian Thomason <email address hidden> Mon, 21 Feb 2011 15:42:33 -0500
-
sun-java6 (6.22-0ubuntu1~10.10) maverick; urgency=low
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-3556): JDK unspecified vulnerability in 2D component
- (CVE-2010-3562): JDK IndexColorModel double-free
- (CVE-2010-3565): JDK JPEG writeImage remote code execution
- (CVE-2010-3566): JDK ICC Profile remote code execution
- (CVE-2010-3567): Crash in ICU Opentype layout engine due to mismatch in
character counts
- (CVE-2010-3571): JDK unspecified vulnerability in 2D component
- (CVE-2010-3554): JDK corba reflection vulnerabilities
- (CVE-2010-3563): JDK unspecified vulnerability in Deployment component
- (CVE-2010-3568): JDK Deserialization Race condition
- (CVE-2010-3569): JDK Serialization inconsistencies
- (CVE-2010-3558): JDK unspecified vulnerability in Java Web Start component
- (CVE-2010-3552): JDK unspecified vulnerability in New Java Plugin
component
- (CVE-2010-3559): JDK unspecified vulnerability in Sound component
- (CVE-2010-3572): JDK unspecified vulnerability in Sound component
- (CVE-2010-3553): UIDefault.ProxyLazyValue has unsafe reflection usage
- (CVE-2010-3555): JDK unspecified vulnerability in Deployment component
- (CVE-2010-3550): JDK unspecified vulnerability in Java Web Start component
- (CVE-2010-3570): JDK unspecified vulnerability in Deployment Toolkit
- (CVE-2010-3561): Privileged ServerSocket.accept allows receiving
connections from any host
- (CVE-2009-3555): TLS: MITM attacks via session renegotiation
- (CVE-2010-1321): krb5: null pointer dereference in GSS-API library leads
to DoS
- (CVE-2010-3549): HttpURLConnection chunked encoding issue (HTTP request
splitting)
- (CVE-2010-3557): JDK Swing mutable static
- (CVE-2010-3541): limit setting of some request headers in
HttpURLConnection
- (CVE-2010-3573): limit HTTP request cookie headers in HttpURLConnection
- (CVE-2010-3574): limit use of TRACE method in HttpURLConnection
- (CVE-2010-3548): JDK DNS server IP address information leak
- (CVE-2010-3551): NetworkInterface reveals local network address to
untrusted code
- (CVE-2010-3560): JDK unspecified vulnerability in Networking component
-- Matthias Klose <email address hidden> Fri, 15 Oct 2010 16:05:20 +0200
-
sun-java6 (6.21-1ubuntu1) maverick; urgency=low
* Update Debian packaging to r12837.
sun-java6 (6.21-1) unstable; urgency=low
* New upstream release
- There are no security fixes in this release.
* Update $(bin_pattern) and $(diff_ignore) in debian/rules.
* Add a lintian override for embedded-libjpeg.
* Update Danish debconf translation; thanks to Joe Dalton. (Closes: #586238)
* Update Japanese debconf translation; thanks to Hideki Yamane.
(Closes: #580157)
* Add midori as an alternative to $(browsers) in debian/rules.
(Closes: #588663)
sun-java6 (6.20-dlj-4) unstable; urgency=low
* Remove wrong space character for uming.ttc path in fontconfig.properties.
Thanks to Alberto Alvarez García.
sun-java6 (6.20-dlj-3) unstable; urgency=low
* Change Vcs-Svn header to allow anonymous access. (Closes: #478673)
* Add Recommends: ia32-libs-gtk to package ia32-sun-java6-bin.
(Closes: #532359)
* Add some information to README.Debian that explains how to enable the
plugin in Iceweasel. (Closes: #541154)
* Add myself to Uploaders.
* Add missing changelog entry for CVE-2010-0087 to version 6.19-0ubuntu1.
* Add missing changelog entry for CVE-2010-1423 to version 6.20-1.
sun-java6 (6.20-dlj-2) unstable; urgency=low
* Team upload.
* Update Homepage in d/control.
* Update Italian and Spanish debconf translation. (Closes: #560354, #570790)
* Switch to source format 3.0.
* Remove files for the old -doc package since we Suggests: openjdk-6-doc.
* Clean up README.Debian and add some information about using dpkg-divert
before manually installing JCE policy files. (Closes: #578578)
-- Matthias Klose <email address hidden> Thu, 30 Sep 2010 12:39:17 +0200
-
sun-java6 (6.20dlj-1ubuntu3) lucid; urgency=low
* Fix java-launcher in java.desktop file. LP: #568707.
-- Matthias Klose <email address hidden> Fri, 23 Apr 2010 13:41:12 +0200