Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/natty-security/openjdk-6
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches

Recent revisions

148. By Steve Beattie on 2012-08-31

* SECURITY UPDATE: Update to IcedTea 6 1.11.4
  - Security fixes:
    - S7162476, CVE-2012-1682: XMLDecoder security issue via
    - S7163201, CVE-2012-0547: Simplify toolkit internals references
  - Bug fixes:
    - S7182135: Impossible to use some editors directly
    - S7185678: java/awt/Menu/NullMenuLabelTest/NullMenuLabelTest.java
      failed with NPE

147. By Steve Beattie on 2012-06-28

* Backport OpenJDK 6b24/IcedTea 1.11.3 to natty.
* debian/patches/java-access-bridge-security.patch: updated
* debian/control.zero-jre: add powerpc arch back, to get empty
  transitional package
* debian/rules: install README.Debian for openjdk-6-jre-zero to create
  empty transitional package and create package
* debian/README.Debian: explain openjdk-6-jre-zero went away
* regenerate debian/control

146. By Steve Beattie on 2012-02-15

* SECURITY UPDATE: update to IcedTea 6 1.10.6
  - Security fixes:
    - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray
    - S7088367, CVE-2011-3563: Fix issues in java sound
    - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager
    - S7110687, CVE-2012-0503: Issues with TimeZone class
    - S7110700, CVE-2012-0505: Enhance exception throwing mechanism
      in ObjectStreamClass
    - S7110704, CVE-2012-0506: Issues with some method in corba
    - S7112642, CVE-2012-0497: Incorrect checking for graphics
      rendering object
    - S7118283, CVE-2012-0501: Better input parameter checking in
      zip file processing
    - S7126960, CVE-2011-5035: (httpserver) Add property to limit
      number of request headers to the HTTP Server
  - Bug fixes:
    - RH580478: Desktop files should not use hardcoded path
    - S7034464: Support transparent large pages on Linux
    - S7037939: NUMA: Disable adaptive resizing if SHM large pages
      are used
    - S7102369, RH751203: remove java.rmi.server.codebase property
      parsing from registyimpl
    - S7094468, RH751203: rmiregistry clean up
    - S6851973, PR830: ignore incoming channel binding if acceptor
      does not set one
    - S7091528: javadoc attempts to parse .class files
* drop debian/patches/openjdk-7103725-ssl_beast_regression.patch as
  it's included in the upstream release.

145. By Steve Beattie on 2012-01-19

Add regression fix for broken ssl connectivity when using
TLS_DH_anon_WITH_AES_128_CBC_SHA (LP: #891761)

144. By Matthias Klose on 2011-10-22

* SECURITY UPDATE: IcedTea6 1.10.4 Release:
  - Security fixes:
    - S7000600, CVE-2011-3547: InputStream skip() information leak.
    - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
    - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
    - S7032417, CVE-2011-3552: excessive default UDP socket limit under
    - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
    - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
    - S7055902, CVE-2011-3521: IIOP deserialization code execution.
    - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
      error checks.
    - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
      against SSL/TLS (BEAST).
    - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
    - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
    - S7083012, CVE-2011-3557: RMI registry privileged code execution.
    - S7096936, CVE-2011-3560: missing checkSetFactory calls in

143. By Steve Beattie on 2011-06-10

  - S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent
    disabled get still selected for read ops (win)
  - S6618658, CVE-2011-0865: Vulnerability in deserialization
  - S7012520, CVE-2011-0815: Heap overflow vulnerability in
  - S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
  - S7013969, CVE-2011-0867: NetworkInterface.toString can reveal
  - S7013971, CVE-2011-0869: Vulnerability in SAAJ
  - S7016340, CVE-2011-0870: Vulnerability in SAAJ
  - S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with
    scale close to zero
  - S7020198, CVE-2011-0871: ImageIcon creates Component with null acc
  - S7020373, CVE-2011-0864: JSR rewriting can overflow memory address
    size variables
* debian/generate_debian_orig.sh: adjust settings to match the
  generation of this update.
* debian/patches/nonreparenting-wm.diff: refresh patch due to
  upstream change

142. By Matthias Klose on 2011-04-05

IcedTea6 1.10.1 release.

141. By Matthias Klose on 2011-03-25

* Update from the IcedTea6-1.10 release branch (20110325).
* Add multiarch directories to the default library path. LP: #737603.

140. By Matthias Klose on 2011-03-06

Upload to natty.

139. By Matthias Klose on 2011-03-04

Disable the jdk tests with the Shark, JamVM and Cacao VMs.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.