Ubuntu
sun-java6 package

Change logs for sun-java6 source package in Natty

  1. Natty (11.04)
  2. Change log 
  • sun-java6 (6.26-2natty1) natty; urgency=low

  * Disable the browser plugin due to security issues.
    - http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
 -- James Westby <email address hidden>   Sat, 10 Dec 2011 13:55:02 -0500
  • sun-java6 (6.26-1natty1) natty; urgency=low

  * Initial release of 6.26 for Natty
 -- Brian Thomason <email address hidden>   Tue, 12 Jul 2011 18:14:59 +0000
  • sun-java6 (6.24-1build0.10.10.1) maverick; urgency=low

  * Fake sync from Debian
  * Changed Section prefix from non-free to partner as sun-java6 resides in
    Canonical Partner archive as of Lucid

sun-java6 (6.24-1) unstable; urgency=high

  * New upstream release
  * Watch file added
  * Homepage updated to http://jdk-distros.java.net/
  * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
    - (CVE-2010-4476): Java Runtime Environment hangs when converting
      "2.2250738585072012e-308" to a binary floating-point number.
    - (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code
                       Execution Vulnerability
    - (CVE-2010-4454): Vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability
    - (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution
                       Vulnerability
    - (CVE-2010-4465): Swing timer-based security manager bypass
    - (CVE-2010-4467): Vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4469): Hotspot backward jsr heap corruption
    - (CVE-2010-4473): Vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4422): Vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4451): Vulnerability allows successful unauthenticated network
                       attacks via HTTP.
    - (CVE-2010-4466): Runtime NTLM Authentication Information Leakage
                       Vulnerability
    - (CVE-2010-4470): JAXP untrusted component state manipulation
    - (CVE-2010-4471): Java2D font-related system property leak
    - (CVE-2010-4447): Vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4475): vulnerability allows successful unauthenticated network
                       attacks via multiple protocols.
    - (CVE-2010-4468): DNS cache poisoning by untrusted applets
    - (CVE-2010-4450): Launcher incorrect processing of empty library path
                       entries
    - (CVE-2010-4448): DNS cache poisoning by untrusted applets
    - (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N
                       implementation
    - (CVE-2010-4474): Easily exploitable vulnerability requiring logon to
                       Operating System.

sun-java6 (6.23-1) unstable; urgency=low

  * New upstream release
  * Add 'google-chrome' as Depends of sun-java6-plugin (Closes: #607455)
  * Standards-Version updated to version 3.9.1
 -- Brian Thomason <email address hidden>   Mon, 21 Feb 2011 15:42:33 -0500