lp:ubuntu/hardy-updates/openjdk-6
- Get this branch:
- bzr branch lp:ubuntu/hardy-updates/openjdk-6
Branch merges
Branch information
Recent revisions
- 16. By Marc Deslauriers
-
* Rebuilt for hardy
* debian/rules: relax fastjar version to the one in hardy. - 14. By Matthias Klose
-
* openjdk-
6-jre-headless: Provide java-virtual- machine for releases
older than karmic.
* Plugin and netx fixes. - 12. By Matthias Klose
-
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- 6626217: Loader-constraint table allows arrays instead of only
the base-classes.
- 6633872: Policy/PolicyFile leak dynamic ProtectionDomains.
- 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups.
- 6736390: File TOCTOU deserialization vulnerability.
- 6745393: Inflater/Deflater clone issues.
- 6887703: Unsigned applet can retrieve the dragged information before drop
action occur.
- 6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error.
- 6892265: System.arraycopy unable to reference elements beyond
Integer.MAX_VALUE bytes.
- 6893947: Deserialization of RMIConnectionImpl objects should enforce
stricter checks [ZDI-CAN-588].
- 6893954: Subclasses of InetAddress may incorrectly interpret network
addresses [ZDI-CAN-603].
- 6894807: No ClassCastException for HashAttributeSet constructors if run
with -Xcomp.
- 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly
encoded CommonName OIDs.
- 6898739: TLS renegotiation issue.
- 6899653: Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability.
- 6902299: Java JAR "unpack200" must verify input parameters.
- 6904691: Java Applet Trusted Methods Chaining Privilege Escalation
Vulnerability.
- 6909597: Java Runtime Environment JPEGImageReader stepX Integer Overflow
Vulnerability.
- 6910590: Application can modify command array, in ProcessBuilder.
- 6914823: Java AWT Library Invalid Index Vulnerability.
- 6914866: JRE ImagingLib arbitrary code execution vulnerability.
- 6932480: Crash in CompilerThread/Parser. - 11. By Kees Cook
-
* SECURITY UPDATE: multiple upstream vulnerabilities.
- upstream fixes, thanks to Bernhard R. Link:
- patches/icedtea- 4486841. patch fixes CVE-2008-5351:
UTF-8 decoder accepts non-shortest form sequences,
- patches/icedtea- 6484091. patch fixes CVE-2008-5350:
allows to list files within the user home directory,
- patches/icedtea- 6497740. patch fixes CVE-2008-5349:
RSA public key length denial-of-service,
- patches/icedtea- 6588160. patch fixes CVE-2008-5348:
Denial- Of-Service in kerberos authentication,
- patches/icedtea- 6592792. patch fixes CVE-2008-5347:
applet privilege escalation via JAX package access,
- patches/icedtea- 6721753. patch fixes CVE-2008-5360:
temporary files have guessable file names,
- patches/icedtea- 6726779. patch fixes CVE-2008-5359:
Buffer overflow in image processing,
- patches/icedtea- 6733959. patch fixes CVE-2008-5354:
Privilege escalation in command line applications,
- patches/icedtea- 6734167. patch fixes CVE-2008-5353:
calender object deserialization allows privilege escalation,
- patches/icedtea- 6755943. patch fixes CVE-2008-5352:
Jar200 Decompression buffer overflow,
- patches/icedtea- 6766136. patch fixes CVE-2008-5358:
Buffer Overflow in GIF image processing.
* add debian/patches/ donotdelete. diff:
fix MultipleJRE.sh to remove the link in the error-path, otherwise
the test-suite removes the whole build/*/j2sdk-image directory on error. - 10. By Matthias Klose
-
* Upload to hardy, based on 6b11. LP: #237083.
- Removes the last bits of code with questionable licenses, adds missing
copyrights and licenses.
- Only register the browser alternative for xulrunner-addons (for
firefox-3.0 based browsers). The plugin is not built for firefox-2.0).
- Don't compile for i686 only (already fixed in 6b10). LP: #227645.
- Eclipse runs more stable (already fixed in 6b10). - 8. By Matthias Klose
-
* New code drop (b08).
* Update IcedTea build infrastructure.
* Move binfmt-support references from -jre to -jre-headless package.
* Don't fail on purge, if /var/lib/binfmts/ openjdk- 6 is missing. LP: #206721.
* Only use the basename for icons in desktop files. LP: #207413.
* Install javaws(1). LP: #191297.
* Install a wrapper script for javaws, which calls `javaws -viewer' if no
arguments are given (or else starting javaws from the desktop menu
would not do anything).
* debian/JB-web- start.applicati ons.in: Remove the -viewer option from command. - 7. By Matthias Klose
-
* New code drop (b07).
* Update IcedTea build infrastructure.
* debian/copyright: Update to OpenJDK Trademark Notice v1.1.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/openjdk-6