This bug was fixed in the package openjdk-6 - 6b18-1.8-4ubuntu3~9.10.2

---------------
openjdk-6 (6b18-1.8-4ubuntu3~9.10.2) karmic-security; urgency=low

  * Upload to Karmic

openjdk-6 (6b18-1.8-4ubuntu3) lucid-proposed; urgency=low

  * Update from the 1.8 branch.
  * Rebuild with fixed ant.
  * Disable building the shark based VM on armel.
  * Always build the ARM assembler interpreter in arm mode.

openjdk-6 (6b18-1.8-4) unstable; urgency=low

  * Update from the 1.8 branch.
    - Plugin and netx fixes.
    - Don't link the plugin against the libxul libraries. Closes: #576361.
    - More plugin cpu usage fixes. Closes: #584335, #587049.
    - Plugin: fixes AppletContext.getApplets().
    - Fix race conditions in plugin initialization code that were causing hangs when loading multiple applets in parallel.
  * Fix Vcs-Bzr location. Closes: #530883.
  * Search for unversioned llvm-config tool.
  * Don't set XFILESEARCHPATH and NLSPATH on startup. LP: #586641.
  * Fix Chinese font metrics and prefer using 'WenQuanYi Micro Hei' font. LP: #472845.
  * Strip libjvm.so with --strip-debug instead of --strip-unneeded. LP: #574997.
  * Don't turn on the ARM assembler interpreter when building the shark VM.

openjdk-6 (6b18-1.8-3) unstable; urgency=low

  * Update from the 1.8 branch.
    - Plugin fixes. LP: #597714.
  * Add powerpcspe build fixes (Sebastian Andrzej Siewior). Closes: #586359.
  * Work around build failure on buildds configured with low ARG_MAX (Giovanni Mascellani). Closes: #575254.

openjdk-6 (6b18-1.8-2ubuntu2) maverick; urgency=low

  * Search for unversioned llvm-config tool.

openjdk-6 (6b18-1.8-2ubuntu1) maverick; urgency=low

  * Upload to maverick.

openjdk-6 (6b18-1.8-2) unstable; urgency=low

  * Update from the 1.8 branch.
    - Fix build on Hitachi SH. Closes: #575346.
    - Shark and Zero fixes.
  * Build shark using llvm-2.7.
  * Don't use shark to run the test harness when testing the shark build.
  * README.Debian: Add paragraph about debugging the IcedTea NPPlugin.

openjdk-6 (6b18-1.8-1) unstable; urgency=low

  * Upload to unstable.

openjdk-6 (6b18-1.8-0ubuntu1) lucid; urgency=low

  * Update IcedTea6 to the icedtea6-1.8 release.
  * Fix builds on Ubuntu/dapper and Debian/lenny.
  * On hppa, configure --without-rhino --disable-plugin.
  * Fix Hitachi SH configury. Closes: #575346.
  * Start a window manager when running the tests. Prefer metacity, as more tests pass with it.
  * Let XToolkit.isTraySupported() return true, if Compiz is running. Works around sun#6438179. LP: #300948.
  * Make /jre/lib/security/nss.cfg a config file.
  * Fail in the configuration of the packages, if /proc is not mounted. java currently uses tricks to find its own shared libraries depending on the path of the binary. Will be changed in OpenJDK7. Closes: #576453.
  * Fix PR icedtea/469, testsuite failures with the NSS based security provider. LP: #556549.
  * Do not pass LD_LIBRARY_PATH from the plugin to the java process. While libnss3.so gets loaded from /usr/lib, the dependent libraries are loaded from MOZILLA_FIVE_HOME (See #561216 for the wrong firefox config). LP: #561124. Closes as well: LP: #551328, #554909, #560829, #549010, #553452.
  * Always build shark with hs14.

openjdk-6 (6b18~pre4-1ubuntu1) lucid; urgency=low

  * Build-depend on xulrunner-1.9.2-dev instead of xulrunner-dev, unexpectedly demoted to universe.
  * icedtea6-plugin: Hardcode dependency on xulrunner-1.9.2. No way to do better? See #552780.
  * Fix builds on Ubuntu hardy.

openjdk-6 (6b18~pre4-1) unstable; urgency=high

  * Upload to unstable.

openjdk-6 (6b18~pre4-0ubuntu2) lucid; urgency=low

  * Fix typo in NPPlugin code. LP: #552287.

openjdk-6 (6b18~pre4-0ubuntu1) lucid; urgency=low

  [ Matthias Klose ]
  * Update IcedTea6 from the 1.8 branch.
  * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
    - (CVE-2010-0837): JAR "unpack200" must verify input parameters (6902299).
    - (CVE-2010-0845): No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807).
    - (CVE-2010-0838): CMM readMabCurveData Buffer Overflow Vulnerability (6899653).
    - (CVE-2010-0082): Loader-constraint table allows arrays instead of only the base-classes (6626217).
    - (CVE-2010-0095): Subclasses of InetAddress may incorrectly interpret network addresses (6893954) [ZDI-CAN-603].
    - (CVE-2010-0085): File TOCTOU deserialization vulnerability (6736390).
    - (CVE-2010-0091): Unsigned applet can retrieve the dragged information before drop action occurs (6887703).
    - (CVE-2010-0088): Inflater/Deflater clone issues (6745393).
    - (CVE-2010-0084): Policy/PolicyFile leak dynamic ProtectionDomains (6633872).
    - (CVE-2010-0092): AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149).
    - (CVE-2010-0094): Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) [ZDI-CAN-588].
    - (CVE-2010-0093): System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265).
    - (CVE-2010-0840): Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691).
    - (CVE-2010-0848): AWT Library Invalid Index Vulnerability (6914823).
    - (CVE-2010-0847): ImagingLib arbitrary code execution vulnerability (6914866).
    - (CVE-2009-3555): TLS: MITM attacks via session renegotiation.
    - 6639665: ThreadGroup finalizer allows creation of false root ThreadGroups.
    - 6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs.
    - 6910590: Application can modify command array in ProcessBuilder.
    - 6909597: JPEGImageReader stepX Integer Overflow Vulnerability.
    - 6932480: Crash in CompilerThread/Parser. Unloaded array klass?
    - 6898739: TLS renegotiation issue.

  [ Torsten Werner ]
  * Switch off IPV6_V6ONLY for IN6_IS_ADDR_UNSPECIFIED addresses, too. (Closes: #575163)

openjdk-6 (6b18~pre3-1) unstable; urgency=low

  [ Matthias Klose ]
  * Update IcedTea build infrastructure (20100321).
  * Update support for SH4 (Nobuhiro Iwamatsu).
  * Handle renaming of the plugin name.

  [ Torsten Werner ]
  * Improve patch for IPv4 mapped IPv6 addresses even more. (Closes: #573742)

openjdk-6 (6b18~pre2-1ubuntu2) lucid; urgency=low

  * Fix build failure on ARM.

openjdk-6 (6b18~pre2-1ubuntu1) lucid; urgency=low

  * Upload to lucid.

openjdk-6 (6b18~pre2-1) unstable; urgency=low

  * Update IcedTea build infrastructure (20100310).
  * Disable building the plugin on alpha (borked xulrunner packaging using binary indep packages).
  * Use a two stage build on alpha.
  * Add note about the reparenting WM workaround. Closes: #573026.
  * Prefer Sazanami instead of Kochi for Japanese fonts (Hideki Yamane). Closes: #572511.
  * openjdk-6-doc: Don't compress package-list files. Closes: #567899.

openjdk-6 (6b18~pre1-4) unstable; urgency=low

  * Improve patch for IPv4 mapped IPv6 addresses.

openjdk-6 (6b18~pre1-3) unstable; urgency=low

  * Add a patch for improved handling of IPv4 mapped IPv6 addresses. (Closes: #560056, #561930, #563699, #563946)

openjdk-6 (6b18~pre1-2) unstable; urgency=low

  * Change Build-Depends: ant1.7-optional because of a bus error in gij.

openjdk-6 (6b18~pre1-1ubuntu1) lucid; urgency=low

  * Ignore error code running ant -diagnostics.
  * Build-depend on ant-optional.
  * Disable the cacao build on armel, fails to build with the non bootstrap build.

openjdk-6 (6b18~pre1-1) unstable; urgency=low

  * Upload to unstable.

openjdk-6 (6b18~pre1-0ubuntu1) lucid; urgency=low

  * New Openjdk6 b18 source code drop.
  * Use mangled copy of rhino. Closes: #512970. LP: #255149.

openjdk-6 (6b17-1.7-1ubuntu1) lucid; urgency=low

  * ARM Thumb2 updates.
  * Test build using Hotspot hs14 on ix86.

openjdk-6 (6b17-1.7-1) unstable; urgency=low

  * Upload to unstable.

openjdk-6 (6b17-1.7-0ubuntu1) lucid; urgency=low

  * IcedTea6 1.7 release.
  * Don't try to load libjpeg7; still building with libjpeg62. Closes: #563999.
  * Run the testsuite on sh4.
  * Ubuntu only: Implement an execute bit checker for the Non-Exec Policy
    - debian/JB-java.desktop.in: update mime handler to use new launcher.
  * armel: Apply the thumb2 patches from the trunk, plus proposed patches for the trunk.

openjdk-6 (6b17-0ubuntu1) lucid; urgency=low

  * Build from the IcedTea6-1.7 branch.
  * Don't build the plugin on sparc64.
  * Enable the NPPlugin.
  * Add support for SH4 (Nobuhiro Iwamatsu).
  * Fix crash in the ARM assembler interpreter (Edward Nevill).

openjdk-6 (6b17~pre3-1ubuntu2) lucid; urgency=low

  * Update IcedTea build infrastructure (20091224).
  * Explicitly build-depend on x11-xkb-utils (xkbcomp is needed by xvfb-run).

openjdk-6 (6b17~pre3-1ubuntu1) lucid; urgency=low

  * Upload to lucid.

openjdk-6 (6b17~pre3-1) unstable; urgency=low

  * Update IcedTea build infrastructure (20091218).
  * Install docs into the openjdk-6-jre-headless directory instead of openjdk-6-jre.

openjdk-6 (6b17~pre2-1ubuntu1) lucid; urgency=low

  * Update IcedTea build infrastructure (20091215).
  * Fix cacao build on armel with current optimization defaults.

openjdk-6 (6b17~pre2-1) unstable; urgency=low

  * Upload to unstable.

openjdk-6 (6b17~pre2-0ubuntu3) lucid; urgency=low

  * Security updates:
    - (CVE-2009-3728) ICC_Profile file existence detection information leak (6631533).
    - (CVE-2009-3885) BMP parsing DoS with UNC ICC links (6632445).
    - (CVE-2009-3881) resurrected classloaders can still have children (6636650).
    - (CVE-2009-3882) Numerous static security flaws in Swing (findbugs) (6657026).
    - (CVE-2009-3883) Mutable statics in Windows PL&F (findbugs) (6657138).
    - (CVE-2009-3880) UI logging information leakage (6664512).
    - (CVE-2009-3879) GraphicsConfiguration information leak (6822057).
    - (CVE-2009-3884) zoneinfo file existence information leak (6824265).
    - (CVE-2009-2409) deprecate MD2 in SSL cert validation (Kaminsky) (6861062).
    - (CVE-2009-3873) JPEG Image Writer quantization problem (6862968).
    - (CVE-2009-3875) MessageDigest.isEqual introduces timing attack vulnerabilities (6863503).
    - (CVE-2009-3876, CVE-2009-3877) OpenJDK ASN.1/DER input stream parser denial of service (6864911).
    - (CVE-2009-3869) JRE AWT setDifflCM stack overflow (6872357).
    - (CVE-2009-3874) ImageI/O JPEG heap overflow (6874643).
    - (CVE-2009-3871) JRE AWT setBytePixels heap overflow (6872358).
  * Update IcedTea build infrastructure (20091109).
  * Use hs16 on armel.

openjdk-6 (6b17~pre2-0ubuntu2) lucid; urgency=low

  * Don't use hs16 on armel and sparc.

openjdk-6 (6b17~pre2-0ubuntu1) lucid; urgency=low

  * New code drop (b17).
  * Bump hotspot to hs16.
  * Update IcedTea build infrastructure (20091031).
  * Set priority of default -jre and -jdk packages to optional.
  * Fix binary-all to binary-any dependencies. Closes: #550680.

 -- Chris Coulson