← Back to team overview

openjdk team mailing list archive

[Bug 551328] Re: Applets use 100% of CPU

 

This bug was fixed in the package openjdk-6 - 6b18-1.8-4ubuntu3~9.04.2

---------------
openjdk-6 (6b18-1.8-4ubuntu3~9.04.2) jaunty-security; urgency=low

  * Upload to Jaunty

openjdk-6 (6b18-1.8-4ubuntu3) lucid-proposed; urgency=low

  * Update from the 1.8 branch.
  * Rebuild with fixed ant.
  * Disable building the shark based VM on armel.
  * Always build the ARM assembler interpreter in arm mode.

openjdk-6 (6b18-1.8-4) unstable; urgency=low

  * Update from the 1.8 branch.
    - Plugin and netx fixes.
    - Don't link the plugin against the libxul libraries. Closes: #576361.
    - More plugin cpu usage fixes. Closes: #584335, #587049.
    - Plugin: fixes AppletContext.getApplets().
    - Fix race conditions in plugin initialization code that were causing
      hangs when loading multiple applets in parallel.
  * Fix Vcs-Bzr location. Closes: #530883.
  * Search for unversioned llvm-config tool.
  * Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641.
  * Fix chinese font metrics and prefer using 'WenQuanYi Micro Hei' font.
    LP: #472845.
  * Strip libjvm.so with --strip-debug instead of --strip-unneeded.
    LP: #574997.
  * Don't turn on the ARM assembler interpreter when building the shark
    VM.

openjdk-6 (6b18-1.8-3) unstable; urgency=low

  * Update from the 1.8 branch.
    - Plugin fixes. LP: #597714.
  * Add powerpcspe build fixes (Sebastian Andrzej Siewior). Closes: #586359.
  * Work around build failure on buildds configured with low ARG_MAX
    (Giovanni Mascellani). Closes: #575254.

openjdk-6 (6b18-1.8-2ubuntu2) maverick; urgency=low

  * Search for unversioned llvm-config tool.

openjdk-6 (6b18-1.8-2ubuntu1) maverick; urgency=low

  * Upload to maverick.

openjdk-6 (6b18-1.8-2) unstable; urgency=low

  * Update from the 1.8 branch.
    - Fix build on Hitachi SH. Closes: #575346.
    - Shark and Zero fixes.
  * Build shark using llvm-2.7.
  * Don't use shark to run the test harness when testing the shark build.
  * README.Debian: Add paragraph about debugging the IcedTea NPPlugin.

openjdk-6 (6b18-1.8-1) unstable; urgency=low

  * Upload to unstable.

openjdk-6 (6b18-1.8-0ubuntu1) lucid; urgency=low

  * Update IcedTea6 to the icedtea6-1.8 release.
  * Fix builds on Ubuntu/dapper and Debian/lenny.
  * On hppa, configure --without-rhino --disable-plugin.
  * Fix Hitachi SH configury. Closes: #575346.
  * Start a window manager when running the tests. Prefer metacity,
    as more tests pass with it.
  * Let XToolkit.isTraySupported() return true, if Compiz is running.
    Works around sun#6438179. LP: #300948.
  * Make <java_home>/jre/lib/security/nss.cfg a config file.
  * Fail in the configuration of the packages, if /proc is not mounted.
    java currently uses tricks to find its own shared libraries depending
    on the path of the binary. Will be changed in OpenJDK7. Closes: #576453.
  * Fix PR icedtea/469, testsuite failures with the NSS based security
    provider. LP: #556549.
  * Do not pass LD_LIBRARY_PATH from the plugin to the java process.
    While libnss3.so gets loaded from /usr/lib, the dependent libraries
    are loaded from MOZILLA_FIVE_HOME (See #561216 for the wrong firefox
    config). LP: #561124.
    Closes as well: LP: #551328, #554909, #560829, #549010, #553452.
  * Always build shark with hs14.

openjdk-6 (6b18~pre4-1ubuntu1) lucid; urgency=low

  * Build-depend on xulrunner-1.9.2-dev instead of xulrunner-dev,
    unexpectedly demoted to universe.
  * icedtea6-plugin: Hardcode dependency on xulrunner-1.9.2. No way
    to do better? See #552780.
  * Fix builds on Ubuntu hardy.

openjdk-6 (6b18~pre4-1) unstable; urgency=high

  * Upload to unstable.

openjdk-6 (6b18~pre4-0ubuntu2) lucid; urgency=low

  * Fix typo in NPPlugin code. LP: #552287.

openjdk-6 (6b18~pre4-0ubuntu1) lucid; urgency=low

  [ Matthias Klose ]
  * Update IcedTea6 form the 1.8 branch.
  * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
    - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299).
    - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors
      if run with -Xcomp (6894807).
    - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability
      (6899653).
    - (CVE-2010-0082): Loader-constraint table allows arrays instead of
      only the base-classes (6626217).
    - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret
      network addresses (6893954) [ZDI-CAN-603].
    - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390).
    - (CVE-2010-0091): Unsigned applet can retrieve the dragged information
      before drop action occurs (6887703).
    - (CVE-2010-0088): Inflater/Deflater clone issues (6745393).
    - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains
      (6633872).
    - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR
      error (6888149).
    - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should
      enforce stricter checks (6893947) [ZDI-CAN-588].
    - (CVE-2010-0093): System.arraycopy unable to reference elements
      beyond Integer.MAX_VALUE bytes (6892265).
    - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation
      Vulnerability (6904691).
    - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823).
    - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability
      (6914866).
    - (CVE-2009-3555): TLS: MITM attacks via session renegotiation.
    - 6639665: ThreadGroup finalizer allows creation of false root
      ThreadGroups.
    - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly.
      encoded CommonName OIDs.
    - 6910590: Application can modify command array in ProcessBuilder.
    - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability.
    - 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
    - 6898739: TLS renegotiation issue.

  [ Torsten Werner ]
  * Switch off IPV6_V6ONLY for IN6_IS_ADDR_UNSPECIFIED addresses, too.
    (Closes: #575163)

openjdk-6 (6b18~pre3-1) unstable; urgency=low

  [ Matthias Klose ]
  * Update IcedTea build infrastructure (20100321).
  * Update support for SH4 (Nobuhiro Iwamatsu).
  * Handle renaming of the plugin name.

  [ Torsten Werner ]
  * Improve patch for IPv4 mapped IPv6 addresses even more.
    (Closes: #573742)

openjdk-6 (6b18~pre2-1ubuntu2) lucid; urgency=low

  * Fix build failure on ARM.

openjdk-6 (6b18~pre2-1ubuntu1) lucid; urgency=low

  * Upload to lucid.

openjdk-6 (6b18~pre2-1) unstable; urgency=low

  * Update IcedTea build infrastructure (20100310).
  * Disable building the plugin the plugin on alpha (borked xulrunner
    packaging using binary indep packages).
  * Use a two stage build on alpha.
  * Add note about the reparenting WM workaround. Closes: #573026.
  * Prefer Sazanami instead of Kochi for Japanese fonts (Hideki Yamane).
    Closes: #572511.
  * openjdk-6-doc: Don't compress package-list files. Closes: #567899.

openjdk-6 (6b18~pre1-4) unstable; urgency=low

  * Improve patch for IPv4 mapped IPv6 addresses.

openjdk-6 (6b18~pre1-3) unstable; urgency=low

  * Add a patch for improved handling of IPv4 mapped IPv6 addresses.
    (Closes: #560056, #561930, #563699, #563946)

openjdk-6 (6b18~pre1-2) unstable; urgency=low

  * Change Build-Depends: ant1.7-optional because of a bus error in gij.

openjdk-6 (6b18~pre1-1ubuntu1) lucid; urgency=low

  * Ignore error code running ant -diagnostics.
  * Build-depend on ant-optional.
  * Disable the cacao build on armel, fails to build with the non
    bootstrap build.

openjdk-6 (6b18~pre1-1) unstable; urgency=low

  * Upload to unstable.

openjdk-6 (6b18~pre1-0ubuntu1) lucid; urgency=low

  * New Openjdk6 b18 source code drop.
  * Use mangled copy of rhino. Closes: #512970. LP: #255149.

openjdk-6 (6b17-1.7-1ubuntu1) lucid; urgency=low

  * ARM Thumb2 updates.
  * Test build using Hotspt hs14 on ix86.

openjdk-6 (6b18~pre1-1) unstable; urgency=low

  * Upload to unstable.

openjdk-6 (6b18~pre1-0ubuntu1) lucid; urgency=low

  * New Openjdk6 b18 source code drop.
  * Use mangled copy of rhino. Closes: #512970. LP: #255149.

openjdk-6 (6b17-1.7-1ubuntu1) lucid; urgency=low

  * ARM Thumb2 updates.
  * Test build using Hotspt hs14 on ix86.

openjdk-6 (6b17-1.7-1) unstable; urgency=low

  * Upload to unstable.

openjdk-6 (6b17-1.7-0ubuntu1) lucid; urgency=low

  * IcedTea6 1.7 release.
  * Don't try to load libjpeg7; still building with libjpeg62. Closes: #563999.
  * Run the testsuite on sh4.
  * Ubuntu only: Implement an execute bit checker for the Non-Exec Policy
    - debian/JB-java.desktop.in: update mime handler to use new launcher.
  * armel: Apply the thumb2 patches from the trunk, plus proposed patches
    for the trunk.

openjdk-6 (6b17-0ubuntu1) lucid; urgency=low

  * Build from the IcedTea6-1.7 branch.
  * Don't build the plugin on sparc64.
  * Enable the NPPlugin.
  * Add support for SH4 (Nobuhiro Iwamatsu).
  * Fix crash in the ARM assembler interpreter (Edward Nevill).

openjdk-6 (6b17~pre3-1ubuntu2) lucid; urgency=low

  * Update IcedTea build infrastructure (20091224).
  * Explicitely build-depend on x11-xkb-utils (xkbcomp is needed by
    xvfb-run).

openjdk-6 (6b17~pre3-1ubuntu1) lucid; urgency=low

  * Upload to lucid.

openjdk-6 (6b17~pre3-1) unstable; urgency=low

  * Update IcedTea build infrastructure (20091218).
  * Install docs into the openjdk-6-jre-headless directory instead of
    openjdk-6-jre.

openjdk-6 (6b17~pre2-1ubuntu1) lucid; urgency=low

  * Update IcedTea build infrastructure (20091215).
  * Fix cacao build on armel with current optimization defaults.

openjdk-6 (6b17~pre2-1) unstable; urgency=low

  * Upload to unstable.

openjdk-6 (6b17~pre2-0ubuntu3) lucid; urgency=low

  * Security updates:
    - (CVE-2009-3728) ICC_Profile file existence detection information leak
      (6631533).
    - (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445).
    - (CVE-2009-3881) resurrected classloaders can still have children
      (6636650).
    - (CVE-2009-3882) Numerous static security flaws in Swing (findbugs)
      (6657026).
    - (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138).
    - (CVE-2009-3880) UI logging information leakage (6664512).
    - (CVE-2009-3879) GraphicsConfiguration information leak (6822057).
    - (CVE-2009-3884) zoneinfo file existence information leak (6824265).
    - (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062).
    - (CVE-2009-3873) JPEG Image Writer quantization problem (6862968).
    - (CVE-2009-3875) MessageDigest.isEqual introduces timing attack
      vulnerabilities (6863503).
    - (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser
      denial of service (6864911).
    - (CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357).
    - (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643.
    - (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358).
  * Update IcedTea build infrastructure (20091109).
  * Use hs16 on armel.

openjdk-6 (6b17~pre2-0ubuntu2) lucid; urgency=low

  * Don't use hs16 on armel and sparc.

openjdk-6 (6b17~pre2-0ubuntu1) lucid; urgency=low

  * New code drop (b17).
  * Bump hotspot to hs16.
  * Update IcedTea build infrastructure (20091031).
  * Set priority of default -jre and -jdk packages to optional.
  * Fix binary-all to binary-any dependencies. Closes: #550680.

openjdk-6 (6b16-1.6.1-2) unstable; urgency=medium

  * Build-depend on xulrunner-dev (>= 1.9.1.3-3).

openjdk-6 (6b16-1.6.1-1ubuntu3) karmic; urgency=low

  [Matthias Klose]
  * On armel and powerpc, build an additional VM using shark in the
    openjdk-6-jre-zero package (java -shark <args>). Requires llvm-2.6.
  * Hide the desktop menu entry for WebStart. LP: #222180.
  * Don't provide java-virtual-machine anymore.

  [Edward Nevill]
  * Avoid stack overflows in the arm interpreter.

openjdk-6 (6b16-1.6.1-1ubuntu2) karmic; urgency=low

  * Support PKCS11 cryptography via NSS, now allowing import of all
    certificates from ca-certificates.
  * Remove Michael Koch from uploaders, request by himself.
  * Add the doc dir symlink for openjdk-6-jre-zero when the package
    is built with shark support.

openjdk-6 (6b16-1.6.1-1ubuntu1) karmic; urgency=low

  * Fix dependency on the java bridge packages.
  * debian/rules: Conditionalize stuff so that the recent release
    is never mentioned.
  * Remove obsolete patches in debian/patches.
  * Rebuild on armel to fix up libffi for the soft float abi.
  * For jaunty builds, fix IcedTeaPlugin failure to start with xulrunner 1.9.1
    (LP: #359407).
    - debian/patches/icedtea-plugin-use-runtime-nsIProcess-IID.diff: Add.
    - debian/rules: Apply it for jaunty builds.
  * Use pulseaudio as default serviceprovider for
    javax.sound.midi.MidiSystem and javax.sound.sampled.AudioSystem.
    LP: #407299.

openjdk-6 (6b16-1.6.1-1) unstable; urgency=low

  * Upload to Debian unstable.

openjdk-6 (6b16-1.6.1-0ubuntu1) karmic; urgency=low

  * Update IcedTea6 to the 1.6.1 release.
  * Work around GCC PR target/41327, build the JDK on s390 with -O2.

openjdk-6 (6b16-1.6-1) unstable; urgency=low

  * Update IcedTea6 to the 1.6 release.
  * Fix GCC build dependencies.

openjdk-6 (6b16-1.6~pre2-1) unstable; urgency=low

  * Upload to unstable.

openjdk-6 (6b16-1.6~pre2-0ubuntu1) karmic; urgency=low

  * Update IcedTea from the 1.6 release branch:
    - Fix buffer overflow in debugger's socket handler (Kees Cook).
      https://bugs.openjdk.java.net/show_bug.cgi?id=100103. LP: #409736.
    - plugin fixes.
  * Move the pulseaudio recommendation to a suggestion, don't build-depend
    on pulseaudio. Closes: #539394. LP: #361408.
  * Build for armv6 (on armel).

  [ Kees Cook ]
  * debian/rules: Re-enable fortification and stack protector
    (LP: #330713).
  * Adding stack markings to the x86 assembly for not using executable
    stack. LP: #419018.

openjdk-6 (6b16-1.6~pre1-0ubuntu1) karmic; urgency=low

  * Test build (icedtea6-1.6 release branch).

openjdk-6 (6b16~pre5-0ubuntu2) karmic; urgency=low

  * Add explicit build dependency on libgtk2.0-dev.

openjdk-6 (6b16~pre5-0ubuntu1) karmic; urgency=low

  * Bump hotspot to hs14b16.
  * Update IcedTea build infrastructure (20090805).
  * patches/java-access-bridge-security.patch: Update.
  * Build-depend on xulrunner-dev instead of xulrunner-1.9-dev on karmic.
  * Don't recommend the jck fonts anymore, just suggest them; the appropriate
    fonts are installed as dependencies of the language packs.

openjdk-6 (6b16~pre4-0ubuntu7) karmic; urgency=low

  * Build using GCC-4.4 on sparc as well, require 4.4.1.

openjdk-6 (6b16~pre4-0ubuntu6) karmic; urgency=low

  * Fix build failure building the zero VM.

openjdk-6 (6b16~pre4-0ubuntu5) karmic; urgency=low

  [Matthias Klose]
  * Update IcedTea build infrastructure (20090715).
  * Tighten build dependency on llvm-dev.

  [Edward Nevill]
  * Add armv4 compatibility.

openjdk-6 (6b16~pre4-0ubuntu4) karmic; urgency=low

  [Edward Nevill]
  * Added Bytecode Interpreter Generator.
  * Added ARM templates for above.
  * Removed old optimised ARM assebler.
  * Added -g0 because of problems with ld linking -g.
  * Changed alignment to 64 now that as bug is fixed.

  [Matthias Klose]
  * Update IcedTea build infrastructure (20090710).
  * Let the -jre package depend on the access-bridge package, not the
    -jre-headless package. LP: #395074.
  * Suggested by Ed Nevill:
    - Pass -timeout:3 when running the jtreg testsuite on zero architectures.
    - Pass -Xmx256M -vmoption:-Xmx256M on armel for the jtreg testsuite run.
  * Tighten build dependency on llvm-dev.

openjdk-6 (6b16~pre4-0ubuntu3) karmic; urgency=low

  * Update zero-port-opt patch on armel.

openjdk-6 (6b16~pre4-0ubuntu2) karmic; urgency=low

  * Update IcedTea build infrastructure (20090623).
  * Reapply the zero-port-opt patch on armel.
  * Do not use the IPA Mona font family by default. Closes: #521233.
  * Build cacao with -fno-strict-aliasing.

openjdk-6 (6b16-4) unstable; urgency=medium

  * Build the zero binary package when building with shark.
  * Build-depend on cpio. Closes: #532963.

openjdk-6 (6b16-3) unstable; urgency=low

  * Update IcedTea build infrastructure (20090612).
  * Install the libaccess-bridge-java* symlinks again.
  * Build zero on ix86 architectures with JIT support (shark). To use the zero
    build without shark, use the `-Xint' option to operate in interpreted-only
    mode.

openjdk-6 (6b16-2) unstable; urgency=low

  * Don't install libaccess-bridge-java* symlinks until
    libaccess-bridge-java-jni is available on all architectures.
  * Add missing build dependency on cacao-source.

openjdk-6 (6b16-1) unstable; urgency=low

  * Upload to unstable, based in 6b16 and IcedTea 1.5.

openjdk-6 (6b16~pre3-0ubuntu1) karmic; urgency=low

  * Update to hotspot hs14b15.
  * Provide symlink for libjava-access-bridge-jni.so. LP: #375347.

openjdk-6 (6b16~pre2-0ubuntu3) karmic; urgency=low

  * Update IcedTea build infrastructure (20090513).
  * Fix build failure when xvfb-run doesn't work, trying to access a
    non-existing directory.

openjdk-6 (6b16~pre2-0ubuntu2) karmic; urgency=low

  * Add libffi-dev as architecture independent build dependency.

openjdk-6 (6b16~pre2-0ubuntu1) karmic; urgency=low

  * Update to re-tagged code drop (b16).
  * Update IcedTea build infrastructure (20090510).
  * Remove patches integrated in IcedTea.
  * Remove GCJ Web Plugin support.
  * Remove build infrastructure to build additional VM's, integrated
    in IcedTea.
  * Stop building the openjdk-6-source-files package.
  * README.Debian: Document using the different VM's.
  * Use GCC-4.3 on sparc, ICE with GCC-4.4.
  * Fix problem with the ARM assembler interpreter, when executing a 'new'
    bytecode with a double on the top of the stack (Edward Nevill).
  * Run the testsuite for the zero build on ix86 architectures.

openjdk-6 (6b16~pre1-0ubuntu1) karmic; urgency=low

  * New code drop (b16).
  * Update IcedTea build infrastructure (20090429).
  * Merge changes from 6b14-1.4.1.
  * Fix section names (using the java section).
  * Remove all UTF-8 sequence definitions from the font configuration.
 -- Chris Coulson <chris.coulson@xxxxxxxxxxxxx>   Fri, 16 Jul 2010 23:29:38 +0100

** Changed in: openjdk-6 (Ubuntu)
       Status: Incomplete => Fix Released

** Bug watch added: bugs.openjdk.java.net/ #100103
   https://bugs.openjdk.java.net/show_bug.cgi?id=100103

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-2409

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3555

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3728

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3869

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3871

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3873

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3874

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3875

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3876

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3877

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3879

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3880

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3881

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3882

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3883

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3884

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3885

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0082

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0084

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0085

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0088

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0091

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0092

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0093

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0094

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0095

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0837

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0838

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0840

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0845

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0847

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0848

-- 
Applets use 100% of CPU
https://bugs.launchpad.net/bugs/551328
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.

Status in OpenJDK: Confirmed
Status in “openjdk-6” package in Ubuntu: Fix Released
Status in “openjdk-6” package in Debian: Fix Released

Bug description:
Using several applets I'm finding the Lucid i386 applet plugin with Firefox 3.6 is using 100% CPU from the time the applet starts. Even if the applet is stopped by closing the parent window the java process continues using 100% of the CPU.

Examples of a sites where this can be experienced:

http://www.java.com/en/download/help/testvm.xml
http://kent.w3.org/People/mimasa/test/object/java/clock
http://www.spunkyworld.com/demos/chat/index.htm





References