[pkg-java] r13328 - trunk/sun-java6/debian

Sylvestre Ledru sylvestre at alioth.debian.org
Wed Feb 16 11:13:19 UTC 2011 

Author: sylvestre
Date: 2011-02-16 11:13:05 +0000 (Wed, 16 Feb 2011)
New Revision: 13328

Modified:
   trunk/sun-java6/debian/changelog
   trunk/sun-java6/debian/control.in
   trunk/sun-java6/debian/rules
Log:
Described the security issues

Modified: trunk/sun-java6/debian/changelog
===================================================================
--- trunk/sun-java6/debian/changelog	2011-02-16 06:15:06 UTC (rev 13327)
+++ trunk/sun-java6/debian/changelog	2011-02-16 11:13:05 UTC (rev 13328)
@@ -1,4 +1,4 @@
-sun-java6 (6.24-1) UNRELEASED; urgency=low
+sun-java6 (6.24-1) unstable; urgency=high
 
   * New upstream release
   * Watch file added
@@ -6,7 +6,40 @@
   * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
     - (CVE-2010-4476): Java Runtime Environment hangs when converting 
       "2.2250738585072012e-308" to a binary floating-point number.
-
+    - (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code
+                       Execution Vulnerability
+    - (CVE-2010-4454): Vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability
+    - (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution
+                       Vulnerability
+    - (CVE-2010-4465): Swing timer-based security manager bypass
+    - (CVE-2010-4467): Vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4469): Hotspot backward jsr heap corruption
+    - (CVE-2010-4473): Vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4422): Vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4451): Vulnerability allows successful unauthenticated network
+                       attacks via HTTP. 
+    - (CVE-2010-4466): Runtime NTLM Authentication Information Leakage
+                       Vulnerability
+    - (CVE-2010-4470): JAXP untrusted component state manipulation
+    - (CVE-2010-4471): Java2D font-related system property leak
+    - (CVE-2010-4447): Vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4475): vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4468): DNS cache poisoning by untrusted applets
+    - (CVE-2010-4450): Launcher incorrect processing of empty library path
+                       entries
+    - (CVE-2010-4448): DNS cache poisoning by untrusted applets
+    - (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N
+                       implementation
+    - (CVE-2010-4474): Easily exploitable vulnerability requiring logon to
+                       Operating System. 
+    
  -- Sylvestre Ledru <sylvestre at debian.org>  Wed, 16 Feb 2011 00:46:20 +0100
 
 sun-java6 (6.23-1) unstable; urgency=low

Modified: trunk/sun-java6/debian/control.in
===================================================================
--- trunk/sun-java6/debian/control.in	2011-02-16 06:15:06 UTC (rev 13327)
+++ trunk/sun-java6/debian/control.in	2011-02-16 11:13:05 UTC (rev 13328)
@@ -4,11 +4,11 @@
 Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
 Uploaders: Sylvestre Ledru <sylvestre at debian.org>, Torsten Werner <twerner at debian.org>
 Build-Depends: debhelper (>= 5.0.51~), lsb-release, po-debconf, defoma, unzip, bzip2, patch, libasound2, unixodbc, libx11-6, libxext6, libxi6, libxp6, libxt6, libxtst6, lib32asound2 [amd64], ia32-libs [amd64 ia64]
-Standards-Version: 3.8.4
+Standards-Version: 3.9.1
 Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/sun-java6
 Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/sun-java6
 XS-Autobuild: yes
-Homepage: https://jdk-distros.dev.java.net
+Homepage: http://jdk-distros.java.net/
 
 Package: @basename at -jre
 Section: non-free/java

Modified: trunk/sun-java6/debian/rules
===================================================================
--- trunk/sun-java6/debian/rules	2011-02-16 06:15:06 UTC (rev 13327)
+++ trunk/sun-java6/debian/rules	2011-02-16 11:13:05 UTC (rev 13328)
@@ -315,8 +315,8 @@
 	  exit 1; \
 	fi
 
-diff_ignore = -I 'Friday, November 12' \
-	-I 'Fri Nov 12' -I '^ *// java GenerateCharacter'
+diff_ignore = -I 'Wednesday, February 2' \
+	-I 'Wed Feb 02' -I '^ *// java GenerateCharacter'
 
 with_check = yes

More information about the pkg-java-commits mailing list