Ubuntu
openjdk-7 package

Change log for openjdk-7 package in Ubuntu

150 of 172 results FirstPreviousLast
Published in trusty-updates
Published in trusty-security 
openjdk-7 (7u211-2.6.17-0ubuntu0.1) trusty-security; urgency=medium

  * IcedTea release 2.6.17 (based on 7u211).
  * Security fixes:
    - S8206290, CVE-2019-2422: Better FileChannel transfer performance.
    - S8209094, CVE_2019-2426: Improve web server connections.
    - S8210866, CVE-2018-11212: Improve JPEG processing.
    - S8199156: Better route routing.
    - S8199161: Better interface enumeration.
    - S8199166: Better interface lists.
    - S8199552: Update to build scripts.
    - S8200659: Improve BigDecimal support.
    - S8203955: Improve robot support.
    - S8204895: Better icon support.
    - S8205356: Choose printer defaults.
    - S8205709: Proper allocation handling.
    - S8205714: Initial class initialization.
    - S8206295: More reliable p11 transactions.
    - S8206301: Improve NIO stability.
    - S8208585: Make crypto code more robust.
    - S8210094: Better loading of classloader classes.
    - S8210606: Improved data set handling.
    - S8210610: Improved LSA authentication.
    - S8210870: Libsunmscapi improved interactions.
  * debian/patches/hotspot-S8207151-fix-bad-klassoop.patch,
    debian/patches/openjdk-jdk7u191-b01-jaxp.patch
    debian/patches/openjdk-jdk7u191-b01-jdk.patch
    debian/patches/openjdk-jdk7u201-b00-hotspot.patch
    debian/patches/openjdk-jdk7u201-b00-jaxp.patch
    debian/patches/openjdk-jdk7u201-b00-jdk.patch: removed, applied upstream.
  * debian/patches/zero-sparc.diff: updated to fix merge failure in
    file hotspot/src/share/vm/c1/c1_LIRAssembler.cpp.

 -- Tiago Stürmer Daitx <email address hidden>  Wed, 20 Mar 2019 05:22:37 +0000
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u181-2.6.14-0ubuntu0.3) trusty-security; urgency=medium

  * Apply 7u201-b00 security patches.
  * Security fixes:
    - CVE-2018-3136, S8194534: Manifest better support.
    - CVE-2018-3139, S8196902: Better HTTP redirection support.
    - CVE-2018-3149, S8199177: Enhance JNDI lookups.
    - CVE-2018-3169, S8199226: Improve field accesses.
    - CVE-2018-3180, S8202613: Improve TLS connections stability.
  * debian/patches/jdk-freetypeScaler-crash.diff: removed, it caused
    a memory leak and has been fixed upstream already, albeit in a
    different way. Closes: #910672.
  * debian/patches/jdk-8132985-backport-double-free.patch,
    debian/patches/jdk-8139803-backport-warning.patch: fix crash in
    freetypescaler due to double free, thanks to Heikki Aitakangas for
    the report and patches. (Closes: #911847)
  * debian/rules: run only the hotspot testsuite for jamvm and zero
    alternative vms to make build faster.

 -- Tiago Stürmer Daitx <email address hidden>  Thu, 11 Oct 2018 01:47:12 +0000
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u181-2.6.14-0ubuntu0.2) trusty-security; urgency=medium

  * Apply 8u181 security backports.
  * Security fixes:
    - CVE-2018-2938, S8197871: Support Derby connections.
    - CVE-2018-2952, S8199547: Exception to Pattern Syntax.
    - S8191239: Improve desktop file usage.
    - S8193419: Better Internet address support.
    - S8197925: Better stack walking.
    - S8200666: Improve LDAP support.
  * debian/patches/hotspot-S8207151-fix-bad-klassoop.patch: fix bug introduced
    by the backport of S8189123. LP: #1778930.

 -- Tiago Stürmer Daitx <email address hidden>  Mon, 23 Jul 2018 20:03:03 +0000
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u181-2.6.14-0ubuntu0.1) trusty-security; urgency=medium

  * IcedTea release 2.6.14 (based on 7u181). Closes: #898976.
  * Security fixes:
    - S8162488: JDK should be updated to use LittleCMS 2.8
    - S8180881: Better packaging of deserialization
    - S8182362: Update CipherOutputStream Usage
    - S8183032: Upgrade to LittleCMS 2.9
    - S8189123: More consistent classloading
    - S8189969, CVE-2018-2790: Manifest better manifest entries
    - S8189977, CVE-2018-2795: Improve permission portability
    - S8189981, CVE-2018-2796: Improve queuing portability
    - S8189985, CVE-2018-2797: Improve tabular data portability
    - S8189989, CVE-2018-2798: Improve container portability
    - S8189993, CVE-2018-2799: Improve document portability
    - S8189997, CVE-2018-2794: Enhance keystore mechanisms
    - S8190478: Improved interface method selection
    - S8190877: Better handling of abstract classes
    - S8191696: Better mouse positioning
    - S8192025, CVE-2018-2814: Less referential references
    - S8192030: Better MTSchema support
    - S8192757, CVE-2018-2815: Improve stub classes implementation
    - S8193409: Improve AES supporting classes
    - S8193414: Improvements in MethodType lookups
    - S8193833, CVE-2018-2800: Better RMI connection support
  * debian/patches/hotspot-disable-exec-shield-workaround.patch: removed,
    upstream fixed i386 stack guard support in S8197429 (hotspot's mercurial
    commit 6636:d673ec579604).
  * debian/patches/hotspot-powerpcspe.diff: removed, support added upstream by
    S8186461 in hotspot's mercurial commit 6638:7517e77dd338.
  * debian/patches/it-patch-updates.diff: remove unnecessary hunks.
  * debian/rules: remove hotspot-powerpcspe.diff and
    hotspot-disable-exec-shield-workaround.patch from applied patches.

 -- Tiago Stürmer Daitx <email address hidden>  Mon, 04 Jun 2018 23:11:45 +0000
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u171-2.6.13-0ubuntu0.14.04.2) trusty-security; urgency=medium

  * IcedTea release 2.6.13 (based on 7u171). (Closes: #891330).
  * Security fixes:
    - S8160104: CORBA communication improvements
    - S8172525, CVE-2018-2579: Improve key keying case
    - S8174756: Extra validation for public keys
    - S8175932: Improve host instance supports
    - S8176458: Revise default document styling
    - S8178449, CVE-2018-2588: Improve LDAP logins
    - S8178458: Better use of certificates in LDAP
    - S8178466: Better RSA parameters
    - S8179536: Cleaner print job handling
    - S8179990: Cleaner palette entry handling
    - S8180011: Cleaner native graphics device handling
    - S8180015: Cleaner AWT robot handling
    - S8180020: Improve SymbolHashMap entry handling
    - S8180433: Cleaner CLR invocation handling
    - S8180877: More deeply colored ICC spaces
    - S8181664: Improve JVM UTF String handling
    - S8181670: Improve implementation of keystores
    - S8182125, CVE-2018-2599: Improve reliability of DNS lookups
    - S8182387, CVE-2018-2603: Improve PKCS usage
    - S8182601, CVE-2018-2602: Improve usage messages
    - S8185292, CVE-2018-2618: Stricter key generation
    - S8185325, CVE-2018-2641: Improve GTK initialization
    - S8186080: Transform XML interfaces
    - S8186212, CVE-2018-2629: Improve GSS handling
    - S8186600, CVE-2018-2634: Improve property negotiations
    - S8186606, CVE-2018-2633: Improve LDAP lookup robustness
    - S8186867: Improve native glyph layouts
    - S8186998, CVE-2018-2637: Improve JMX supportive features
    - S8189284, CVE-2018-2663: More refactoring for deserialization cases
    - S8190289, CVE-2018-2677: More refactoring for client deserialization cases
    - S8191142, CVE-2018-2678: More refactoring for naming deserialization cases
  * Remove multiarch-support pre-dependency. (Closes: #887858).
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u151-2.6.11-2ubuntu0.14.04.1) trusty-security; urgency=medium

  * Backport to 14.04.
  * debian/patches/hotspot-aarch64-S8145438-fix-field-too-big-for-insn.patch:
    the S8144028 fix was incomplete and followed up by S8145438; without it
    aarch64 JVM can fail with "Internal Error, failed: Field too big for
    insn".

 -- Tiago Stürmer Daitx <email address hidden>  Tue, 21 Nov 2017 02:10:21 +0000
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u151-2.6.11-0ubuntu1.14.04.1) trusty-security; urgency=medium

  * IcedTea release 2.6.11 (based on 7u151). Closes: #869816.
  * Security fixes:
    - S8163958, CVE-2017-10102: Improved garbage collection.
    - S8167228: Update to libpng 1.6.28.
    - S8169209, CVE-2017-10053: Improved image post-processing steps.
    - S8169392, CVE-2017-10067: Additional jar validation steps.
    - S8170966, CVE-2017-10081: Right parenthesis issue.
    - S8172204, CVE-2017-10087: Better Thread Pool execution.
    - S8172461, CVE-2017-10089: Service Registration Lifecycle.
    - S8172465, CVE-2017-10090: Better handling of channel groups.
    - S8172469, CVE-2017-10096: Transform Transformer Exceptions.
    - S8173286, CVE-2017-10101: Better reading of text catalogs.
    - S8173697, CVE-2017-10107: Less Active Activations.
    - S8173770, CVE-2017-10074: Image conversion improvements.
    - S8174098, CVE-2017-10110: Better image fetching.
    - S8174105, CVE-2017-10108: Better naming attribution.
    - S8174113, CVE-2017-10109: Better sourcing of code.
    - S8174770: Check registry registration location.
    - S8174873: Improved certificate processing.
    - S8175106, CVE-2017-10115: Higher quality DSA operations.
    - S8175110, CVE-2017-10118: Higher quality ECDSA operations.
    - S8176055: JMX diagnostic improvements.
    - S8176067, CVE-2017-10116: Proper directory lookup processing.
    - S8176760, CVE-2017-10135: Better handling of PKCS8 material.
    - S8178135, CVE-2017-10176: Additional elliptic curve support.
    - S8181420, CVE-2017-10074: PPC: Image conversion improvements.
    - S8182054, CVE-2017-10243: Improve wsdl support.
    - S8183551, CVE-2017-10074, PR3423: AArch64: Image conversion improvements.
    - S8184119, CVE-2017-10111: Incorrect return processing for the LF editor
      of MethodHandles.permuteArguments.
  * d/control.in:
    - remove @bd_compress@ dependency.
    - replace @bd_autotools@ with fixed dependencies.
  * d/control.tests: package to hold all tests artifacts and logs.
  * d/repack: fixed and simplified download script.
  * d/rules:
    - include openjdk-7-tests package on Ubuntu derivatives only.
    - only save the full jtreg results when the openjdk-7-tests package
      is being built, otherwise stick to old behaviour (keep compressed
      test summaries + failed test results). Closes: #863007, #865533.
    - only run the long jdk testsuite when default vm is a hotspot.
    - only run the full testsuite for zero alternative vm on very fast
      systems, otherwise stick to the hotspot testsuite to avoid long
      build times.
    - try /etc/os-release before lsb-release; allow distrel to be set
      from the command line.
    - remove with_nss as all supported releases have it now.
    - remove gcc/g++ configurations for EOL releases.
    - keep libjpeg8 dependency on wheezy, replace it with libjpeg62-turbo
      on other Debian releases and libjpeg-turbo8 on Ubuntu. Closes: #766601.
    - remove old logic to depend on libcupsys2.
    - always set rhino_source, all supported releases have dpkg > 1.16.2.
    - remove bd_compress and pkg_compress as they haven't been used for
      quite a while.
    - remove with_wgy_zenhai logic, lenny is EOL.
    - remove bd_autotools logic if/then, call dh_autoreconf and
      dh_autoreconf_clean.
    - simplify bootstrap dependency logic and remove EOL releases.
    - remove EOL releases from gcc/g++ dependency logic.
    - remove unused jamvm_defaults and simplify jamvm_archs logic.
    - use ttf-indic-fonts for trusty, otherwise stick to fonts-indic.
    - have build rule depend on debian/control in order to fail if it
      is ever regenerated at build time.
    - patch configure after dh_autoreconf call to include additional
      /usr/lib/jvm directories; setting DEB_HOST_ARCH=alpha to check
      if patches apply correctly fails because alpha requires a jdk for
      bootstrap and IcedTea does not look into our usual directories.
  * d/p/fontconfig-arphic-uming.diff: removed, not used since lenny.
  * d/p/jdk-getAccessibleValue.diff: libatk-wrapper-java: File selection
    dialog not refreshed when changing directory. Kindly provided by
    Samuel Thibault. Closes: #827741.
  * d/p/jdk-S8173783-fix-illegalargumentexception-regression.patch:
    deleted, included in IcedTea 2.6.10.
  * d/p/kfreebsd-support-jdk.diff: updated, was failing to apply due to
    jdk changes in NetworkInterface.c.
  * d/p/sec-webrev-8u131-*.patch: deleted, included in IcedTea 2.6.10.
  * d/p/zero-sparc.diff: commented out chaitin.hpp hunk #1 as that #ifdef
    has been removed by JDK-8011621 (backported by IcedTea 2.6.10); this
    was also backported to 7u131 through JDK-8160961 but then backed out,
    better keep the hunk in case IcedTea decides to back it out as well.

 -- Tiago Stürmer Daitx <email address hidden>  Thu, 18 May 2017 02:53:34 +0000
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u131-2.6.9-0ubuntu0.14.04.2) trusty-security; urgency=medium

  * Fix JDK regression introduced by 7u131 upgrade: (LP: #1691126)
    - d/p/jdk-S8173783-fix-illegalargumentexception-regression.patch:
      fix "IllegalArgumentException: jdk.tls.namedGroups" backported
      from http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f5d0aadb4d1c

 -- Tiago Stürmer Daitx <email address hidden>  Wed, 17 May 2017 00:39:54 +0000

Available diffs

Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u131-2.6.9-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * IcedTea release 2.6.9 (based on 7u131):
  * Security fixes
    - S8167110, CVE-2017-3514: Windows peering issue.
    - S8163528, CVE-2017-3511: Better library loading.
    - S8169011, CVE-2017-3526: Resizing XML parse trees.
    - S8163520, CVE-2017-3509: Reuse cache entries.
    - S8171533, CVE-2017-3544: Better email transfer.
    - S8170222, CVE-2017-3533: Better transfers of files.
    - S8171121, CVE-2017-3539: Enhancing jar checking.
    - S8172299: Improve class processing.
  * debian/compat: updated from 5 to 9.
  * debian/watch: using watch version 4 to download both icedtea and
    icedtea-sound. LP: #1642420.
  * debian/repack: simplified tarball download.
  * debian/rules:
    - removed 8u121 patches as they have been applied to 7u131.
    - building icedtea-sound on build/ directory
    - replaced 'dh_strip -k' calls by dh_prep
    - have the 'build' rule depend on 'debian/control' rule to force
      failure if debian/control gets regenerated.
    - added file 'security/blacklisted.cert' to be copied to etc dir
      (introduced by S8011402).
    - simplified build dependencies.
    - removed jtreg's xvfb-run call since icedtea takes care of calling it.
    - removed window manager as there are no additional significant failures
      on the jdk tests when not running one.
    - re-enabled jdk jtreg tests.
    - removed lpia arch.
    - use fonts-wqy-microhei and fonts-wqy-zenhei instead of transitional
      package names.
    - drop Recommends on obsolete GNOME libraries so they are not in a
      default GNOME desktop installation (Simon McVittie). Closes: #850270.
      + sun.net.spi.DefaultProxySelector prefers libglib2.0-0 (>= 2.24)
        over obsolete libgconf2-4.
      + sun.nio.fs.GnomeFileTypeDetector prefers libglib2.0-0 (>= 2.24)
        over libgnomevfs-2-0.
      + sun.xawt.awt_Desktop prefers libgtk2.0-0 (>= 2.14) over
        libgnomevfs2-0.
  * debian/control.in: added static build dependencies as their previous
    selection logic in debian/rules is no longer required.
  * debian/control: regenerated.
  * debian/patches/icedtea-sound.diff: removed, now packing icedtea-sound
    1.0.1 which includes those fixes.
  * debian/upstream/signing-key.asc: add new signing key.

 -- Tiago Stürmer Daitx <email address hidden>  Mon, 08 May 2017 23:02:52 +0000
Published in precise-updates
Published in precise-security 
openjdk-7 (7u121-2.6.8-1ubuntu0.12.04.3) precise-security; urgency=medium

  * Backport to 12.04
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u121-2.6.8-1ubuntu0.14.04.3) trusty-security; urgency=medium

  * Security fixes from 8u121:
    - S8167104, CVE-2017-3289: Custom class constructor code can bypass the
      required call to super.init allowing for uninitialized objects to be
      created.
    - S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
      dispose() on a CMenuComponentmultiple times.
    - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
      extraneous bytes added to them whereas the signature is supposed to be
      unique.
    - S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt
      sections to be 2^32-1 bytes long so these should not be uncompressed
      unless the user explicitly requests it.
    - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
      leak information about k.
    - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
      deserialize responses from an LDAP server when an LDAP context is
      expected.
    - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
      users or external applications would interpret them leading to possible
      security issues.
    - S8168705, CVE-2016-5547: A value from an InputStream is read directly
      into the size argument of a new byte[] without validation.
    - S8164147, CVE-2017-3261: An integer overflow exists in
      SocketOutputStream which can lead to memorydisclosure.
    - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
      dispatch HTTP GET requests where the invoker does not have permission.
    - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
      long running sessions are allowed.
    - S8165344, CVE-2017-3272: A protected field can be leveraged into type
      confusion.
    - S8156802, CVE-2017-3241: RMI deserialization should limit the types
      deserialized to prevent attacks that could escape the sandbox.

 -- Tiago Stürmer Daitx <email address hidden>  Tue, 07 Feb 2017 17:55:31 +0000
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u121-2.6.8-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Backport to Ubuntu 14.04.
  * IcedTea release 2.6.8 (based on 7u121):
  * Security fixes
    - S8151921: Improved page resolution
    - S8155968: Update command line options
    - S8155973, CVE-2016-5542: Tighten jar checks
    - S8157176: Improved classfile parsing
    - S8157739, CVE-2016-5554: Classloader Consistency Checking
    - S8157749: Improve handling of DNS error replies
    - S8157753: Audio replay enhancement
    - S8157759: LCMS Transform Sampling Enhancement
    - S8157764: Better handling of interpolation plugins
    - S8158302: Handle contextual glyph substitutions
    - S8158993, CVE-2016-5568: Service Menu services
    - S8159495: Fix index offsets
    - S8159503: Amend Annotation Actions
    - S8159511: Stack map validation
    - S8159515: Improve indy validation
    - S8159519, CVE-2016-5573: Reformat JDWP messages
    - S8160090: Better signature handling in pack200
    - S8160094: Improve pack200 layout
    - S8160098: Clean up color profiles
    - S8160591, CVE-2016-5582: Improve internal array handling
    - S8160838, CVE-2016-5597: Better HTTP service
    - PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read()

 -- Tiago Stürmer Daitx <email address hidden>  Tue, 15 Nov 2016 22:26:23 +0000
Superseded in precise-updates
Superseded in precise-security 
openjdk-7 (7u121-2.6.8-1ubuntu0.12.04.1) precise-security; urgency=medium

  * Backport to Ubuntu 12.04.
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u111-2.6.7-0ubuntu0.14.04.3) trusty-security; urgency=medium

  * debian/rules:
    - fix typo (aarch64 -> arm64) and disable precompiled headers for
      arm64
    - remove compile file generated by automake during debian cleanup
Superseded in precise-updates
Superseded in precise-security 
openjdk-7 (7u111-2.6.7-0ubuntu0.12.04.2) precise-security; urgency=medium

  * Backport to Ubuntu 12.04.
Obsolete in wily-updates
Obsolete in wily-security 
openjdk-7 (7u101-2.6.6-0ubuntu0.15.10.1) wily-security; urgency=medium

  * IcedTea release 2.6.6 (based on 7u101):
  * Security fixes
    - S8129952, CVE-2016-0686: Ensure thread consistency
    - S8132051, CVE-2016-0687: Better byte behavior
    - S8138593, CVE-2016-0695: Make DSA more fair
    - S8139008: Better state table management
    - S8143167, CVE-2016-3425: Better buffering of XML strings
    - S8144430, CVE-2016-3427: Improve JMX connections
    - S8146494: Better ligature substitution
    - S8146498: Better device table adjustments
  * debian/patches/jdk-8152335-improve-methodhandle-consistency.patch:
    removed, fix is upstream since 2.6.5
  * Disable arm32-jit for armhf and armel, broken by hotspot security patches.
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u101-2.6.6-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Backport to Ubuntu 14.04.

Available diffs

Superseded in precise-updates
Superseded in precise-security 
openjdk-7 (7u101-2.6.6-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Backport to Ubuntu 12.04.
Deleted in xenial-release (Reason: lp: #1563986, openjdk-7 removal)
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
openjdk-7 (7u95-2.6.4-3) experimental; urgency=medium

  [ Tiago Stürmer Daitx ]
  * SECURITY UPDATE: Applies to client deployment of Java only. This
    vulnerability can be exploited only through sandboxed Java Web Start
    applications and sandboxed Java applets.
    - d/p/jdk-8152335-improve-methodhandle-consistency.patch: S8152335,
      CVE-2016-0636: Improve MethodHandle consistency

  [ Matthias Klose ]
  * Use internal tzdata for builds in stretch, unstable, experimental.
    Closes: #818308.

 -- Matthias Klose <email address hidden>  Thu, 24 Mar 2016 15:24:32 +0100

Available diffs

Superseded in wily-updates
Superseded in wily-security 
openjdk-7 (7u95-2.6.4-0ubuntu0.15.10.2) wily-security; urgency=medium

  * SECURITY UPDATE: Applies to client deployment of Java only. This
    vulnerability can be exploited only through sandboxed Java Web Start
    applications and sandboxed Java applets.
    - d/p/jdk-8152335-improve-methodhandle-consistency.patch: S8152335,
      CVE-2016-0636: Improve MethodHandle consistency

 -- Tiago Stürmer Daitx <email address hidden>  Wed, 23 Mar 2016 17:55:30 +0000
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u95-2.6.4-0ubuntu0.14.04.2) trusty-security; urgency=high

  * SECURITY UPDATE: Applies to client deployment of Java only. This
    vulnerability can be exploited only through sandboxed Java Web Start
    applications and sandboxed Java applets.
    - d/p/jdk-8152335-improve-methodhandle-consistency.patch: S8152335,
      CVE-2016-0636: Improve MethodHandle consistency

 -- Tiago Stürmer Daitx <email address hidden>  Wed, 23 Mar 2016 17:55:30 +0000
Superseded in precise-updates
Superseded in precise-security 
openjdk-7 (7u95-2.6.4-0ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: Applies to client deployment of Java only. This
    vulnerability can be exploited only through sandboxed Java Web Start
    applications and sandboxed Java applets.
    - d/p/jdk-8152335-improve-methodhandle-consistency.patch: S8152335,
      CVE-2016-0636: Improve MethodHandle consistency

 -- Tiago Stürmer Daitx <email address hidden>  Wed, 23 Mar 2016 17:55:30 +0000
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
openjdk-7 (7u95-2.6.4-1) unstable; urgency=high

  [ Tiago Stürmer Daitx ]
  * IcedTea release 2.6.4 (based on 7u95):
  * Security fixes
    - S8059054, CVE-2016-0402: Better URL processing
    - S8130710, CVE-2016-0448: Better attributes processing
    - S8132210: Reinforce JMX collector internals
    - S8132988: Better printing dialogues
    - S8133962, CVE-2016-0466: More general limits
    - S8137060: JMX memory management improvements
    - S8139012: Better font substitutions
    - S8139017, CVE-2016-0483: More stable image decoding
    - S8140543, CVE-2016-0494: Arrange font actions
    - S8143185: Cleanup for handling proxies
    - S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays
    - S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH)
  * debian/patches/it-debian-build-flags.diff: refreshed
  * debian/patches/it-set-compiler.diff: refreshed
  * debian/patches/it-use-quilt.diff: refreshed
  * debian/patches/it-jamvm-2.0.diff: refreshed
  * debian/patches/icedtea-pretend-memory.diff: refreshed
  * debian/patches/fix_extra_flags-default.diff: refreshed
  * debian/patches/zero-sparc.diff: refreshed

  [ Matthias Klose ]
  * Remove obsolete IcedTea configure options.
  * Fix build failure on squeeze (Thorsten Glaser). Closes: #809205.
  * Don't run the test on mips, still having stone age buildd hardware and
    empty promises to fix these issues since 2010.

 -- Matthias Klose <email address hidden>  Thu, 21 Jan 2016 13:17:54 +0100

Available diffs

Superseded in precise-updates
Superseded in precise-security 
openjdk-7 (7u95-2.6.4-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Backport to Ubuntu 12.04.

Available diffs

Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u95-2.6.4-0ubuntu0.14.04.1) trusty-security; urgency=high

  * Backport to Ubuntu 14.04.

Available diffs

Obsolete in vivid-updates
Obsolete in vivid-security 
openjdk-7 (7u95-2.6.4-0ubuntu0.15.04.1) vivid-security; urgency=medium

  * Backport to Ubuntu 15.04.
Superseded in wily-updates
Superseded in wily-security 
openjdk-7 (7u95-2.6.4-0ubuntu0.15.10.1) wily-security; urgency=medium

  * Icedtea release 2.6.4 (based on 7u95)
  * Security fixes
    - S8059054, CVE-2016-0402: Better URL processing
    - S8130710, CVE-2016-0448: Better attributes processing
    - S8132210: Reinforce JMX collector internals
    - S8132988: Better printing dialogues
    - S8133962, CVE-2016-0466: More general limits
    - S8137060: JMX memory management improvements
    - S8139012: Better font substitutions
    - S8139017, CVE-2016-0483: More stable image decoding
    - S8140543, CVE-2016-0494: Arrange font actions
    - S8143185: Cleanup for handling proxies
    - S8143941, CVE-2015-8126, CVE-2015-8472: Update splashscreen displays
    - S8144773, CVE-2015-7575: Further reduce use of MD5 (SLOTH)
  * debian/patches/it-debian-build-flags.diff: refreshed
  * debian/patches/it-set-compiler.diff: refreshed
  * debian/patches/it-use-quilt.diff: refreshed
  * debian/patches/it-jamvm-2.0.diff: refreshed
  * debian/patches/icedtea-pretend-memory.diff: refreshed
  * debian/patches/fix_extra_flags-default.diff: refreshed
  * debian/patches/zero-sparc.diff: refreshed

Available diffs

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
openjdk-7 (7u91-2.6.3-3) unstable; urgency=medium

  * Fix stripping packages (use bash instead of expr substring).
  * openjdk-jre-headless: Add dependency on the package containing the
    mountpoint binary. Closes: #803717.
  * openjdk-7-jdk: Fix typo in sdk provides. Closes: #803150.
  * Build using giflib 5.

 -- Matthias Klose <email address hidden>  Mon, 30 Nov 2015 06:27:48 +0100

Available diffs

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
openjdk-7 (7u91-2.6.3-2) unstable; urgency=medium

  * Enable sparc64 for hotspot (John Paul Adrian Glaubitz).
  * Add debian/patches/sparc-libproc-fix.diff to include missing
    headers on sparc64 (David Matthew Mattli). Closes: #805846.

 -- Matthias Klose <email address hidden>  Wed, 25 Nov 2015 23:38:54 +0100

Available diffs

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
openjdk-7 (7u91-2.6.3-1) unstable; urgency=medium

  [ Tiago Stürmer Daitx ]
  * Icedtea release 2.6.3 (based on 7u91):
  * Security fixes
    - S8142882, CVE-2015-4871: rebinding of the receiver of a DirectMethodHandle may
      allow a protected method to be accessed

 -- Matthias Klose <email address hidden>  Thu, 19 Nov 2015 01:27:25 +0100

Available diffs

Superseded in precise-updates
Superseded in precise-security 
openjdk-7 (7u91-2.6.3-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Backport to Ubuntu 12.04.
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u91-2.6.3-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Backport to Ubuntu 14.04.
Superseded in vivid-updates
Superseded in vivid-security 
openjdk-7 (7u91-2.6.3-0ubuntu0.15.04.1) vivid-security; urgency=medium

  * Backport to Ubuntu 15.04.
Superseded in wily-updates
Superseded in wily-security 
openjdk-7 (7u91-2.6.3-0ubuntu0.15.10.1) wily-security; urgency=medium

  * Icedtea release 2.6.3 (based on 7u91):
  * Security fixes
    - S8142882, CVE-2015-4871: rebinding of the receiver of a
       DirectMethodHandle may allow a protected method to be accessed
  * Bad merge in IcedTea caused 2.6.1 to leak shmem chunks, affecting
    other applications such as QT and VLC, thanks Andrew Hughes for the
    fix in 2.6.2. (LP: #1512760)
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
openjdk-7 (7u91-2.6.2-1) unstable; urgency=medium

  [ Tiago Stürmer Daitx ]
  * IcedTea release 2.6.2 (based on 7u91):
  * Security fixes
    - S8048030, CVE-2015-4734: Expectations should be consistent
    - S8068842, CVE-2015-4803: Better JAXP data handling
    - S8076339, CVE-2015-4903: Better handling of remote object invocation
    - S8076383, CVE-2015-4835: Better CORBA exception handling
    - S8076387, CVE-2015-4882: Better CORBA value handling
    - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
    - S8076413, CVE-2015-4883: Better JRMP message handling
    - S8078427, CVE-2015-4842: More supportive home environment
    - S8078440: Safer managed types
    - S8080541: More direct property handling
    - S8080688, CVE-2015-4860: Service for DGC services
    - S8081760: Better group dynamics
    - S8086092, CVE-2015-4840: More palette improvements
    - S8086733, CVE-2015-4893: Improve namespace handling
    - S8087350: Improve array conversions
    - S8103671, CVE-2015-4805: More objective stream classes
    - S8103675: Better Binary searches
    - S8130078, CVE-2015-4911: Document better processing
    - S8130193, CVE-2015-4806: Improve HTTP connections
    - S8130864: Better server identity handling
    - S8130891, CVE-2015-4843: (bf) More direct buffering
    - S8131291, CVE-2015-4872: Perfect parameter patterning
    - S8132042, CVE-2015-4844: Preserve layout presentation
  * d/patches/it-debian-build-flags.diff: refreshed
  * d/patches/it-set-compiler.diff: refreshed
  * d/patches/it-use-quilt.diff: refreshed and updated
  * d/patches/it-jamvm-2.0.diff: refreshed
  * d/patches/xrender: removed as it was applied upstream

 -- Matthias Klose <email address hidden>  Sun, 25 Oct 2015 22:30:06 +0100
Superseded in xenial-proposed 
openjdk-7 (7u85-2.6.1-6) unstable; urgency=high

  [ Tiago Stürmer Daitx ]
  * Security fixes
    - S8048030, CVE-2015-4734: Expectations should be consistent
    - S8068842, CVE-2015-4803: Better JAXP data handling
    - S8076339, CVE-2015-4903: Better handling of remote object invocation
    - S8076383, CVE-2015-4835: Better CORBA exception handling
    - S8076387, CVE-2015-4882: Better CORBA value handling
    - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
    - S8076413, CVE-2015-4883: Better JRMP message handling
    - S8078427, CVE-2015-4842: More supportive home environment
    - S8078440: Safer managed types
    - S8080541: More direct property handling
    - S8080688, CVE-2015-4860: Service for DGC services
    - S8081744, CVE-2015-4868: Clear out list corner case
    - S8081760: Better group dynamics
    - S8086092. CVE-2015-4840: More palette improvements
    - S8086733, CVE-2015-4893: Improve namespace handling
    - S8087350: Improve array conversions
    - S8103671, CVE-2015-4805: More objective stream classes
    - S8103675: Better Binary searches
    - S8129611: Accessbridge error handling improvement
    - S8130078, CVE-2015-4911: Document better processing
    - S8130185: More accessible access switch
    - S8130193, CVE-2015-4806: Improve HTTP connections
    - S8130864: Better server identity handling
    - S8130891, CVE-2015-4843: (bf) More direct buffering
    - S8131291, CVE-2015-4872: Perfect parameter patterning
    - S8132042, CVE-2015-4844: Preserve layout presentation
  * S6966259: Make PrincipalName and Realm immutable, required for S8048030
  * S8078822: 8068842 fix missed one new file
    PrimeNumberSequenceGenerator.java

  [ Matthias Klose ]
  * Re-enable the atk bridge for releases with a fixed atk bridge.
    Again closes: #797595.

 -- Matthias Klose <email address hidden>  Thu, 22 Oct 2015 00:42:34 +0200
Superseded in wily-updates
Superseded in wily-security 
openjdk-7 (7u85-2.6.1-5ubuntu0.15.10.1) wily-security; urgency=medium

  * SECURITY UPDATE:
    - S8048030, CVE-2015-4734: Expectations should be consistent
    - S8068842, CVE-2015-4803: Better JAXP data handling
    - S8076339, CVE-2015-4903: Better handling of remote object invocation
    - S8076383, CVE-2015-4835: Better CORBA exception handling
    - S8076387, CVE-2015-4882: Better CORBA value handling
    - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
    - S8076413, CVE-2015-4883: Better JRMP message handling
    - S8078427, CVE-2015-4842: More supportive home environment
    - S8078440: Safer managed types
    - S8080541: More direct property handling
    - S8080688, CVE-2015-4860: Service for DGC services
    - S8081744, CVE-2015-4868: Clear out list corner case
    - S8081760: Better group dynamics
    - S8086092. CVE-2015-4840: More palette improvements
    - S8086733, CVE-2015-4893: Improve namespace handling
    - S8087350: Improve array conversions
    - S8103671, CVE-2015-4805: More objective stream classes
    - S8103675: Better Binary searches
    - S8129611: Accessbridge error handling improvement
    - S8130078, CVE-2015-4911: Document better processing
    - S8130185: More accessible access switch
    - S8130193, CVE-2015-4806: Improve HTTP connections
    - S8130864: Better server identity handling
    - S8130891, CVE-2015-4843: (bf) More direct buffering
    - S8131291, CVE-2015-4872: Perfect parameter patterning
    - S8132042, CVE-2015-4844: Preserve layout presentation
  * S6966259: Make PrincipalName and Realm immutable, required for S8048030
  * S8078822: 8068842 fix missed one new file
    PrimeNumberSequenceGenerator.java

 -- Tiago Stürmer Daitx <email address hidden>  Tue, 20 Oct 2015 03:24:22 +0000
Superseded in vivid-updates
Superseded in vivid-security 
openjdk-7 (7u85-2.6.1-5ubuntu0.15.04.1) vivid-security; urgency=medium

  * Backport to Ubuntu 15.04.
Superseded in precise-updates
Superseded in precise-security 
openjdk-7 (7u85-2.6.1-5ubuntu0.12.04.1) precise-security; urgency=medium

  * Backport to Ubuntu 12.04 LTS.

Available diffs

Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u85-2.6.1-5ubuntu0.14.04.1) trusty-security; urgency=medium

  * Backport to Ubuntu 14.04 LTS.
Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release) 
openjdk-7 (7u85-2.6.1-5) unstable; urgency=medium

  * Fix passing --disable-system-sctp for non-linux targets.

 -- Matthias Klose <email address hidden>  Thu, 08 Oct 2015 07:01:54 +0200

Available diffs

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release) 
openjdk-7 (7u85-2.6.1-4) unstable; urgency=medium

  * Build again with pulseaudio on alpha.
  * Update the kfreebsd support patches (Steven Chamberlain). Closes: #798123.
  * Fix parallel build. Closes: #798124.
  * Disable again the atk bridge, too many regressions. Reopens: #797595.

 -- Matthias Klose <email address hidden>  Wed, 07 Oct 2015 16:24:40 +0200

Available diffs

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release) 
openjdk-7 (7u85-2.6.1-2) unstable; urgency=medium

  * Stop building zero on AArch64, broken on the merged IcedTea Hotspot.
  * Only build-depend on libsctp-dev on linux architectures. 
  * Configure for zero on sparc64, Hotspot build fails too.

 -- Matthias Klose <email address hidden>  Fri, 04 Sep 2015 17:47:56 +0200
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release) 
openjdk-7 (7u85-2.6.1-1ubuntu1) wily; urgency=medium

  * Stop building zero on AArch64, broken on the merged IcedTea Hotspot.

 -- Matthias Klose <email address hidden>  Thu, 03 Sep 2015 20:31:02 +0200
Superseded in wily-proposed 
openjdk-7 (7u85-2.6.1-1) unstable; urgency=medium

  * IcedTea7 2.6.1 release (based on OpenJDK 7u85).
  * Configure for Hotspot on sparc64.
  * Add mips to the openjdk stage1 architectures.
  * Sort the enums and the annotations in the package-tree.html files (Emmanuel
    Bourg). Closes: #787159.
  * Re-enable the atk bridge for releases with a fixed atk bridge.
    Closes: #797595.
  * Make derivatives builds the same as the parent distro. Closes: #797662.

 -- Matthias Klose <email address hidden>  Thu, 03 Sep 2015 12:47:16 +0200

Available diffs

Superseded in precise-updates
Superseded in precise-security 
openjdk-7 (7u79-2.5.6-0ubuntu1.12.04.1) precise-security; urgency=medium

  * Backport to Ubuntu 12.04 LTS.

 -- Steve Beattie <email address hidden>  Thu, 23 Jul 2015 23:30:26 -0700
Superseded in trusty-updates
Superseded in trusty-security 
openjdk-7 (7u79-2.5.6-0ubuntu1.14.04.1) trusty-security; urgency=medium

  * Backport to Ubuntu 14.04 LTS.

 -- Steve Beattie <email address hidden>  Thu, 23 Jul 2015 23:10:03 -0700
Superseded in vivid-updates
Superseded in vivid-security 
openjdk-7 (7u79-2.5.6-0ubuntu1.15.04.1) vivid-security; urgency=medium

  * Backport for Ubuntu 15.04.

 -- Steve Beattie <email address hidden>  Thu, 23 Jul 2015 15:37:30 -0700
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release) 
openjdk-7 (7u79-2.5.6-1) unstable; urgency=medium

  * IcedTea7 2.5.6 release (based on OpenJDK 7u79).
  * Security fixes
    - S8043202, CVE-2015-2808: Prohibit RC4 cipher suites.
    - S8067694, CVE-2015-2625: Improved certification checking.
    - S8071715, CVE-2015-4760: Tune font layout engine.
    - S8071731: Better scaling for C1.
    - S8072490: Better font morphing redux.
    - S8072887: Better font handling improvements.
    - S8073334: Improved font substitutions.
    - S8073773: Presume path preparedness.
    - S8073894: Getting to the root of certificate chains.
    - S8074330: Set font anchors more solidly.
    - S8074335: Substitute for substitution formats.
    - S8074865, CVE-2015-2601: General crypto resilience changes.
    - S8074871: Adjust device table handling.
    - S8075374, CVE-2015-4748: Responding to OCSP responses.
    - S8075378, CVE-2015-4749: JNDI DnsClient Exception Handling.
    - S8075738: Better multi-JVM sharing.
    - S8075833, CVE-2015-2613: Straighter Elliptic Curves.
    - S8075838: Method for typing MethodTypes.
    - S8075853, CVE-2015-2621: Proxy for MBean proxies.
    - S8076328, CVE-2015-4000: Enforce key exchange constraints.
    - S8076376, CVE-2015-2628: Enhance IIOP operations.
    - S8076397, CVE-2015-4731: Better MBean connections.
    - S8076401, CVE-2015-2590: Serialize OIS data.
    - S8076405, CVE-2015-4732: Improve serial serialization.
    - S8076409, CVE-2015-4733: Reinforce RMI framework.
    - S8077520, CVE-2015-2632: Morph tables into improved form.
    - PR2487, CVE-2015-4000: Make jdk8 mode the default for
      jdk.tls.ephemeralDHKeySize.
  * Update the kfreebsd hotspot support patch (Steven Chamberlain).
    Closes: #788982.
  * openjdk-7-jre: Recommend the real libgconf2-4 and libgnome2-0 packages.
    Closes: #786594.

 -- Matthias Klose <email address hidden>  Thu, 23 Jul 2015 17:19:35 +0200

Available diffs

Superseded in precise-updates
Superseded in precise-security 
openjdk-7 (7u79-2.5.5-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Backport to 12.04 LTS.
150 of 172 results FirstPreviousLast