Format: 1.7
Date: Mon, 29 Mar 2010 21:05:11 +0200
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg
Architecture: lpia
Version: 6b11-2ubuntu2.2
Distribution: hardy
Urgency: low
Maintainer: Ubuntu/lpia Build Daemon <buildd@molybdenum.buildd>
Changed-By: Matthias Klose <doko@ubuntu.com>
Description: 
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Changes: 
 openjdk-6 (6b11-2ubuntu2.2) hardy-security; urgency=low
 .
   * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
     - 6626217: Loader-constraint table allows arrays instead of only
       the base-classes.
     - 6633872: Policy/PolicyFile leak dynamic ProtectionDomains.
     - 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups.
     - 6736390: File TOCTOU deserialization vulnerability.
     - 6745393: Inflater/Deflater clone issues.
     - 6887703: Unsigned applet can retrieve the dragged information before drop
       action occur.
     - 6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error.
     - 6892265: System.arraycopy unable to reference elements beyond
       Integer.MAX_VALUE bytes.
     - 6893947: Deserialization of RMIConnectionImpl objects should enforce
       stricter checks [ZDI-CAN-588].
     - 6893954: Subclasses of InetAddress may incorrectly interpret network
       addresses [ZDI-CAN-603].
     - 6894807: No ClassCastException for HashAttributeSet constructors if run
       with -Xcomp.
     - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly
       encoded CommonName OIDs.
     - 6898739: TLS renegotiation issue.
     - 6899653: Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability.
     - 6902299: Java JAR "unpack200" must verify input parameters.
     - 6904691: Java Applet Trusted Methods Chaining Privilege Escalation
       Vulnerability.
     - 6909597: Java Runtime Environment JPEGImageReader stepX Integer Overflow
       Vulnerability.
     - 6910590: Application can modify command array, in ProcessBuilder.
     - 6914823: Java AWT Library Invalid Index Vulnerability.
     - 6914866: JRE ImagingLib arbitrary code execution vulnerability.
     - 6932480: Crash in CompilerThread/Parser.
Files: 
 98cb40a0d788c3750247379a22bee067 9448498 devel extra openjdk-6-jdk_6b11-2ubuntu2.2_lpia.deb
 8d8e89c8d4e801f9911de9d12c245875 23773060 interpreters extra openjdk-6-jre-headless_6b11-2ubuntu2.2_lpia.deb
 6fcfbcff910e018a64ec9f76894c81ab 217316 interpreters extra openjdk-6-jre_6b11-2ubuntu2.2_lpia.deb
 795aa31006cccb06d818aff24a1f82b4 2344972 devel extra openjdk-6-demo_6b11-2ubuntu2.2_lpia.deb
 13e73eae4986b94270032c8f4e3ddcf8 104062648 devel extra openjdk-6-dbg_6b11-2ubuntu2.2_lpia.deb
Original-Maintainer: OpenJDK Team <openjdk@lists.launchpad.net>