Ubuntu
openjdk-7 package

Update icedtea-java7 to Java SE 7 Update 1

  1. Lucid (10.04)
  2. Bug #878684
Bug #878684 reported by Dmitry
270
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openjdk-6 (Ubuntu)
Fix Released
Undecided
Unassigned
Lucid
Fix Released
High
Steve Beattie
Maverick
Fix Released
High
Steve Beattie
Natty
Fix Released
High
Steve Beattie
Oneiric
Fix Released
High
Steve Beattie
openjdk-7 (Ubuntu)
Fix Released
Undecided
Unassigned
Lucid
Invalid
Undecided
Unassigned
Maverick
Invalid
Undecided
Unassigned
Natty
Invalid
Undecided
Unassigned
Oneiric
Fix Released
Undecided
Steve Beattie

Bug Description

Multiple security vulnerabilities were fixed in the latest release of java7.
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

An update of icedtea-java7 is needed.

Jamie Strandboge (jdstrand)
visibility: private → public
Changed in icedtea-java7 (Ubuntu):
status: New → Triaged
affects: icedtea-java7 (Ubuntu) → openjdk-6 (Ubuntu)
Changed in openjdk-7 (Ubuntu):
status: New → Triaged
Revision history for this message
Matthias Klose (doko) wrote :

fixed in precise; please find test packages for lucid, maverick, oneiric in the openjdk-r PPA.

Changed in openjdk-7 (Ubuntu):
status: Triaged → Fix Released
Changed in openjdk-6 (Ubuntu):
status: Triaged → Fix Released
Changed in openjdk-6 (Ubuntu Lucid):
importance: Undecided → High
status: New → In Progress
Changed in openjdk-6 (Ubuntu Maverick):
importance: Undecided → High
status: New → In Progress
Changed in openjdk-6 (Ubuntu Oneiric):
importance: Undecided → High
status: New → In Progress
Changed in openjdk-7 (Ubuntu Lucid):
status: New → Invalid
Changed in openjdk-7 (Ubuntu Maverick):
status: New → Invalid
Changed in openjdk-7 (Ubuntu Natty):
status: New → Invalid
Changed in openjdk-7 (Ubuntu Oneiric):
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openjdk-6 (Ubuntu Natty):
status: New → Confirmed
Steve Beattie (sbeattie)
Changed in openjdk-6 (Ubuntu Lucid):
assignee: nobody → Steve Beattie (sbeattie)
Changed in openjdk-6 (Ubuntu Maverick):
assignee: nobody → Steve Beattie (sbeattie)
Changed in openjdk-6 (Ubuntu Natty):
assignee: nobody → Steve Beattie (sbeattie)
status: Confirmed → In Progress
Changed in openjdk-6 (Ubuntu Oneiric):
assignee: nobody → Steve Beattie (sbeattie)
Changed in openjdk-7 (Ubuntu Oneiric):
assignee: nobody → Steve Beattie (sbeattie)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-6 - 6b23~pre11-0ubuntu1.11.10

---------------
openjdk-6 (6b23~pre11-0ubuntu1.11.10) oneiric-security; urgency=low

  * Build for oneiric.

openjdk-6 (6b23~pre11-1) unstable; urgency=high

  * Build with jpeg8. Closes: #644070.
  * Tighten inter-package dependencies for Debian builds. Closes: #641240.

openjdk-6 (6b23~pre11-0ubuntu1) precise; urgency=low

  * Update from the IcedTea6 branch (20111019) LP: #878684.
    - Security fixes:
      - S7000600, CVE-2011-3547: InputStream skip() information leak.
      - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
      - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
      - S7032417, CVE-2011-3552: excessive default UDP socket limit under
        SecurityManager.
      - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
      - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
        engine.
      - S7055902, CVE-2011-3521: IIOP deserialization code execution.
      - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
        error checks.
      - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
        against SSL/TLS (BEAST).
      - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
        PorterStemmer.
      - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
      - S7083012, CVE-2011-3557: RMI registry privileged code execution.
      - S7096936, CVE-2011-3560: missing checkSetFactory calls in
        HttpsURLConnection.
    - Update JamVM.
      - Implement classlibCheckIfOnLoad().
      - Make thread states JVMTI compatible.
      - Handle 'g' when specifying memory + extra checks.
      - Make command line compatibility options table-driven.
    - Update CACAO.

openjdk-6 (6b23~pre10-1) unstable; urgency=low

  [ Matthias Klose ]
  * Fix exception on trying to start PulseAudio playback on ARM (Xerxes
    Rånby, David Henningsson). LP: #862286.

  [ Damien Raude-Morvan ]
  * Add myself to Uploaders.
  * d/rules: Fix java.policy to include jre/lib/ext/* files (instead of
    non-existant ext/*). It'll restore privilegied access from sunpkcs11.jar
    to sun.* code. (Closes: #642734, #642598).
 -- Matthias Klose <email address hidden> Thu, 20 Oct 2011 18:05:17 +0200

Changed in openjdk-6 (Ubuntu Oneiric):
status: In Progress → Fix Released
Revision history for this message
Steve Beattie (sbeattie) wrote :

OpenJDK 7 was fixed in oneiric in https://launchpad.net/ubuntu/+source/openjdk-7/7~b147-2.0-0ubuntu0.11.10.1 ; my apologies for not referring to this bug there and also messing up the changes entry to not show the full changelog between 7~b147-2.0~pre6-1ubuntu1 and 7~b147-2.0-0ubuntu0.11.10.1.

Changed in openjdk-7 (Ubuntu Oneiric):
status: In Progress → Fix Released
Changed in openjdk-6 (Ubuntu Lucid):
status: In Progress → Fix Released
Changed in openjdk-6 (Ubuntu Maverick):
status: In Progress → Fix Released
Changed in openjdk-6 (Ubuntu Natty):
importance: Undecided → High
status: In Progress → Fix Released
Revision history for this message
Steve Beattie (sbeattie) wrote :

OpenJDK 6 packages were addressed with http://www.ubuntu.com/usn/usn-1263-1/

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.