Format: 1.8 Date: Sun, 04 Apr 2010 12:43:27 +0200 Source: openjdk-6 Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg icedtea6-plugin icedtea-6-jre-cacao openjdk-6-jre-zero Architecture: armel Version: 6b16-1.6.1-3ubuntu3 Distribution: karmic Urgency: low Maintainer: Ubuntu/armel Build Daemon Changed-By: Matthias Klose Description: icedtea-6-jre-cacao - Alternative JVM for OpenJDK, using Cacao icedtea6-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-6-demo - Java runtime based on OpenJDK (demos and examples) openjdk-6-doc - OpenJDK Development Kit (JDK) documentation openjdk-6-jdk - OpenJDK Development Kit (JDK) openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name} openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless) openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries) openjdk-6-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark openjdk-6-source - OpenJDK Development Kit (JDK) source files Changes: openjdk-6 (6b16-1.6.1-3ubuntu3) karmic-security; urgency=low . * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299). - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807). - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653). - (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217). - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954) [ZDI-CAN-603]. - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390). - (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703). - (CVE-2010-0088): Inflater/Deflater clone issues (6745393). - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains (6633872). - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149). - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) [ZDI-CAN-588]. - (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265). - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691). - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823). - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866). - (CVE-2009-3555): TLS: MITM attacks via session renegotiation. - 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups. - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly. encoded CommonName OIDs. - 6910590: Application can modify command array in ProcessBuilder. - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability. - 6932480: Crash in CompilerThread/Parser. Unloaded array klass? - 6898739: TLS renegotiation issue. * Build-depend on x11-xkb-utils. Checksums-Sha1: d9eec3901c297db8ed81fec28ddd2155b1e6f43c 9008172 openjdk-6-jdk_6b16-1.6.1-3ubuntu3_armel.deb c574e45793132d9ded7dd5b8a42c309e4f52bc35 23312628 openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_armel.deb fe43d53ef626b87314d4d5009f23042a83adb2e3 256104 openjdk-6-jre_6b16-1.6.1-3ubuntu3_armel.deb 5aa8cd4a541fe1f8ead601ee93de6370123e493a 2341666 openjdk-6-demo_6b16-1.6.1-3ubuntu3_armel.deb 9291e9deb986f75f415d440f24792f2b1d33dc72 76908436 openjdk-6-dbg_6b16-1.6.1-3ubuntu3_armel.deb fa5366407ea53ca35da49b845b33754758a4c0dd 75528 icedtea6-plugin_6b16-1.6.1-3ubuntu3_armel.deb 0e8fd372bd06221a4b1cf6ddb0d6bc910953448a 316222 icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_armel.deb af23ec5fc23c298009a5c7349823ce2747f899a7 4059344 openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_armel.deb Checksums-Sha256: 7fe75120c632fc40e354973ad22f08fcefa622ece3d8cdf147e052225fb2b0a6 9008172 openjdk-6-jdk_6b16-1.6.1-3ubuntu3_armel.deb e6f77b2a10680cadb267297e5f57f6124343358bbf1b4608b44236815c200353 23312628 openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_armel.deb c957a905a4ef0cb333ec2b2ff4aa6c57df1bbd499f47e6cde861bf5c6fe794c7 256104 openjdk-6-jre_6b16-1.6.1-3ubuntu3_armel.deb 84c19504ceee4c7a68bf0fe10987b1ec873d1a0035817388aac94f617b025b54 2341666 openjdk-6-demo_6b16-1.6.1-3ubuntu3_armel.deb 4d6e661e9c0b2385ba1305cfc4bcc424ba86dfd4c6f46ea8083f25947862c296 76908436 openjdk-6-dbg_6b16-1.6.1-3ubuntu3_armel.deb 1e2a0f3ea3c54fe5840f3b3f70b460edf59834c99c0b54ceec553de67a0338b4 75528 icedtea6-plugin_6b16-1.6.1-3ubuntu3_armel.deb 2d4b478eae5cc78f80c6910b17b69aaa0f3dc76adcc47858e46905995128255f 316222 icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_armel.deb cce32d8a51da6bae01d858bca03d4e33868c55bd9eafa846144f18cdc6491064 4059344 openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_armel.deb Files: 35accf2e764ae7a87df2d073eebde6e9 9008172 java optional openjdk-6-jdk_6b16-1.6.1-3ubuntu3_armel.deb 4c56c88f7a5aed3fbe41880a67f6a5ad 23312628 java optional openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_armel.deb 6d29e3dd70f7c48eb1fcf482cc09e5c4 256104 java optional openjdk-6-jre_6b16-1.6.1-3ubuntu3_armel.deb 37ab4bc478e23f7993c98b4d79f93dba 2341666 java extra openjdk-6-demo_6b16-1.6.1-3ubuntu3_armel.deb ed2f1d2155320fadeda63db93e3fa77c 76908436 debug extra openjdk-6-dbg_6b16-1.6.1-3ubuntu3_armel.deb 997bb6483f9fa21b8504b647a0dfec1e 75528 web optional icedtea6-plugin_6b16-1.6.1-3ubuntu3_armel.deb 13f8de962223f3c4f157474c266ef46a 316222 java extra icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_armel.deb 887807a8308619b813e562a5f369e2f7 4059344 java extra openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_armel.deb