Format: 1.8 Date: Tue, 14 Feb 2017 02:27:53 +0000 Source: openjdk-6 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea-6-jre-cacao icedtea-6-jre-jamvm openjdk-6-jre-zero Architecture: amd64 Version: 6b41-1.13.13-0ubuntu0.14.04.1 Distribution: trusty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Tiago Stürmer Daitx Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea-6-jre-jamvm - Alternative JVM for OpenJDK, using JamVM openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-doc - OpenJDK Development Kit (JDK) documentation openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark openjdk-6-source - OpenJDK Development Kit (JDK) source files Changes: openjdk-6 (6b41-1.13.13-0ubuntu0.14.04.1) trusty-security; urgency=medium . * IcedTea 1.13.12 release. * Security fixes backported from 8u121: - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various extraneous bytes added to them whereas the signature is supposed to be unique. - S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt sections to be 2^32-1 bytes long so these should not be uncompressed unless the user explicitly requests it. - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may leak information about k. - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to deserialize responses from an LDAP server when an LDAP context is expected. - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how users or external applications would interpret them leading to possible security issues. - S8164147, CVE-2017-3261: An integer overflow exists in SocketOutputStream which can lead to memorydisclosure. - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will dispatch HTTP GET requests where the invoker does not have permission. - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when long running sessions are allowed. - S8165344, CVE-2017-3272: A protected field can be leveraged into type confusion. - S8156802, CVE-2017-3241: RMI deserialization should limit the types deserialized to prevent attacks that could escape the sandbox. * debian/patches/it-add-cpp-flags.patch: refreshed. * debian/patches/it-jamvm-2.0.0.patch: refreshed. * debian/patches/it-emacs-mode.patch: refreshed. * debian/patches/hotspot-disable-arm32-jit.diff: removed, ARM32 JIT is now disabled by default on icedtea. * debian/patches/zero-missing-headers.diff: removed, fix applied upstream. * debian/repack: fix jamvm url. Checksums-Sha1: 656c0e71db8de01101d1ab68928b480f73550f54 15141336 openjdk-6-jdk_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 873d746850fe4b6ff9047bc4887c14906209117d 31179402 openjdk-6-jre-headless_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 43a0a52c6649db1361e2b18d50dcfdee86d1b624 192436 openjdk-6-jre_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 364f5f276773d993aea2024ec615a74b7b22495e 1967086 openjdk-6-demo_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb ef856c48e2fe1b1df67442ca1ee0e18f825d70e7 77254704 openjdk-6-dbg_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb ba04f4d3a68fd51c49d531664ca10432a350452f 333692 icedtea-6-jre-cacao_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb a4959e5026f7c424bec453d54028113b13dcd288 399910 icedtea-6-jre-jamvm_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb d7013fbc5a2993c543fcc4b339513ab504ad2cf1 1864378 openjdk-6-jre-zero_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb Checksums-Sha256: d965ec612931659961d187b8c095e643f5165dbd66ad5311f18121e26fe75c9f 15141336 openjdk-6-jdk_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 44a6f4f3765bd9d4d24dfb0b444b885bed019a1144faa009cbaadb10d9ce0ba3 31179402 openjdk-6-jre-headless_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 3337190e3586f3c53a865ca34ef2c3125062ec94932ecffce207a748f7f9b9dd 192436 openjdk-6-jre_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 1283ddcd8ddca82001e60231578a054581619d0ec8ae5238e9cad6fd80865952 1967086 openjdk-6-demo_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 57203f6b0e44d9edf5706779cb785be6616ce9a3ef3ffe7fad4164b296fa2275 77254704 openjdk-6-dbg_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 1e922ae42e773f8b4616cad06e93f50f331a8606490e724dce6bed8afe398063 333692 icedtea-6-jre-cacao_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 2e81c041579092b3f3b4ddf0647aae294290376e48618aa8369c6052b4b4718f 399910 icedtea-6-jre-jamvm_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb d306198ab2f3078f5c81246a811c0dbce864deaf0b29efdadcaeadd05c618e85 1864378 openjdk-6-jre-zero_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb Files: de21198b3e3e80ed7c5263eb3def0d03 15141336 java optional openjdk-6-jdk_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb e22c65119b81c096166ebda6ef71ca54 31179402 java optional openjdk-6-jre-headless_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 37fe61fa5e10d14c39a43f87bcc05710 192436 java optional openjdk-6-jre_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 0a3ce62f80ea76c0b67e1e24e05b19fe 1967086 java extra openjdk-6-demo_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb a92ad07256baeb66a97571349741f957 77254704 debug extra openjdk-6-dbg_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb d4525fea727036e0e9ce1027eaaa58e9 333692 java extra icedtea-6-jre-cacao_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 7be7e81cabea10e6921f5069e6da9b9d 399910 java extra icedtea-6-jre-jamvm_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb 4c290b73510f0e764130e5f33eb0e414 1864378 java extra openjdk-6-jre-zero_6b41-1.13.13-0ubuntu0.14.04.1_amd64.deb Original-Maintainer: OpenJDK Team