-
sun-java6 (6.26-2natty1) natty; urgency=low
* Disable the browser plugin due to security issues.
- http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
-- James Westby <email address hidden> Sat, 10 Dec 2011 13:55:02 -0500
-
sun-java6 (6.26-1natty1) natty; urgency=low
* Initial release of 6.26 for Natty
-- Brian Thomason <email address hidden> Tue, 12 Jul 2011 18:14:59 +0000
-
sun-java6 (6.24-1build0.10.10.1) maverick; urgency=low
* Fake sync from Debian
* Changed Section prefix from non-free to partner as sun-java6 resides in
Canonical Partner archive as of Lucid
sun-java6 (6.24-1) unstable; urgency=high
* New upstream release
* Watch file added
* Homepage updated to http://jdk-distros.java.net/
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-4476): Java Runtime Environment hangs when converting
"2.2250738585072012e-308" to a binary floating-point number.
- (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code
Execution Vulnerability
- (CVE-2010-4454): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability
- (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution
Vulnerability
- (CVE-2010-4465): Swing timer-based security manager bypass
- (CVE-2010-4467): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4469): Hotspot backward jsr heap corruption
- (CVE-2010-4473): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4422): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4451): Vulnerability allows successful unauthenticated network
attacks via HTTP.
- (CVE-2010-4466): Runtime NTLM Authentication Information Leakage
Vulnerability
- (CVE-2010-4470): JAXP untrusted component state manipulation
- (CVE-2010-4471): Java2D font-related system property leak
- (CVE-2010-4447): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4475): vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4468): DNS cache poisoning by untrusted applets
- (CVE-2010-4450): Launcher incorrect processing of empty library path
entries
- (CVE-2010-4448): DNS cache poisoning by untrusted applets
- (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N
implementation
- (CVE-2010-4474): Easily exploitable vulnerability requiring logon to
Operating System.
sun-java6 (6.23-1) unstable; urgency=low
* New upstream release
* Add 'google-chrome' as Depends of sun-java6-plugin (Closes: #607455)
* Standards-Version updated to version 3.9.1
-- Brian Thomason <email address hidden> Mon, 21 Feb 2011 15:42:33 -0500