openjdk team mailing list archive

Thread
Date
[Bug 878684] Re: Update icedtea-java7 to Java SE 7 Update 1

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <878684@xxxxxxxxxxxxxxxxxx>
Date: Wed, 16 Nov 2011 00:12:51 -0000
Reply-to: Bug 878684 <878684@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package openjdk-6 - 6b23~pre11-0ubuntu1.11.10

---------------
openjdk-6 (6b23~pre11-0ubuntu1.11.10) oneiric-security; urgency=low

  * Build for oneiric.

openjdk-6 (6b23~pre11-1) unstable; urgency=high

  * Build with jpeg8. Closes: #644070.
  * Tighten inter-package dependencies for Debian builds. Closes: #641240.

openjdk-6 (6b23~pre11-0ubuntu1) precise; urgency=low

  * Update from the IcedTea6 branch (20111019) LP: #878684.
    - Security fixes:
      - S7000600, CVE-2011-3547: InputStream skip() information leak.
      - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
      - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
      - S7032417, CVE-2011-3552: excessive default UDP socket limit under
        SecurityManager.
      - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
      - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
        engine.
      - S7055902, CVE-2011-3521: IIOP deserialization code execution.
      - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
        error checks.
      - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
        against SSL/TLS (BEAST).
      - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
        PorterStemmer.
      - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
      - S7083012, CVE-2011-3557: RMI registry privileged code execution.
      - S7096936, CVE-2011-3560: missing checkSetFactory calls in
        HttpsURLConnection.
    - Update JamVM.
      - Implement classlibCheckIfOnLoad().
      - Make thread states JVMTI compatible.
      - Handle 'g' when specifying memory + extra checks.
      - Make command line compatibility options table-driven.
    - Update CACAO.

openjdk-6 (6b23~pre10-1) unstable; urgency=low

  [ Matthias Klose ]
  * Fix exception on trying to start PulseAudio playback on ARM (Xerxes
    Rånby, David Henningsson). LP: #862286.

  [ Damien Raude-Morvan ]
  * Add myself to Uploaders.
  * d/rules: Fix java.policy to include jre/lib/ext/* files (instead of
    non-existant ext/*). It'll restore privilegied access from sunpkcs11.jar
    to sun.* code. (Closes: #642734, #642598).
 -- Matthias Klose <doko@xxxxxxxxxx>   Thu, 20 Oct 2011 18:05:17 +0200

** Changed in: openjdk-6 (Ubuntu Oneiric)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-7 in Ubuntu.
https://bugs.launchpad.net/bugs/878684

Title:
  Update icedtea-java7 to Java SE 7 Update 1

Status in “openjdk-6” package in Ubuntu:
  Fix Released
Status in “openjdk-7” package in Ubuntu:
  Fix Released
Status in “openjdk-6” source package in Lucid:
  In Progress
Status in “openjdk-7” source package in Lucid:
  Invalid
Status in “openjdk-6” source package in Maverick:
  In Progress
Status in “openjdk-7” source package in Maverick:
  Invalid
Status in “openjdk-6” source package in Natty:
  In Progress
Status in “openjdk-7” source package in Natty:
  Invalid
Status in “openjdk-6” source package in Oneiric:
  Fix Released
Status in “openjdk-7” source package in Oneiric:
  In Progress

Bug description:
  Multiple security vulnerabilities were fixed in the latest release of java7.
  http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

  An update of icedtea-java7 is needed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/878684/+subscriptions