sun java 6u26 needs packaging

It's worth noting that 5 of those 17 security problems are specific to windows only. Still, this update would fix 12 CVE security vulnerabilities concerning Linux. Added CVE References.

Any ETA about java6 u26 availability on lucid and hardy

According to comment https://bugs.launchpad.net/ubuntu/+source/sun-java6/+bug/784604/comments/8 the Java 6 update 26 was available in the Debian archive weeks ago. I'd expect Ubuntu port to be pretty fast.

Expect this on Monday or Tuesday.

Thanks Brian! But that's still more than a month too late. When will the Ubuntu Security Team treat Sun Java as an important update? Because it's not the first time this happens. We've already had multiple discussions about Sun Java-updates and you guys are always late. Please treat Sun Java as a number one-package when it comes to security fixes, just like you do with Firefox and Adoble Flash Player.

Hi Vistaus,

The security team isn't responsible for packages in the Canonical Partner Repository - that would rest solely with me. One month is too long - I need to get back in contact with the Debian developer and sync their packages soon after they are released.

Flash updates are handled promptly because we have a good relationship with Adobe in that regard. Unfortunately, no such relationship exists with Oracle at this point.

-Brian

What about an automatic sync from debian as soon as a new package is updated?

@LocutusOfBorg: +1

That looks like a splendid idea! That would solve this awful and recurring security problem once and for all.

@Brian Thomason: what do you think of this suggestion? Is it technically possible?

I finally got tired of waiting & added:
deb http://http.us.debian.org/debian sid main non-free
to my /etc/apt/sources.list. Updated java6 & then disabled the repo.

$ apt-cache policy sun-java6-jre
sun-java6-jre:
  Installed: 6.26-1
  Candidate: 6.26-1

No, unfortunately it isn't technically possible at this time to automate that, and I'm not sure it's desirable. Just because the update works soundly on Debian Sid does not mean it works on top of Lucid in the same manner.

That being said, I just uploaded this fix to Lucid and Maverick and Natty will follow shortly.

@Brian Thomason: OK.... I see.

Yet, the update procedure of Sun Java JRE needs structural improvement. Security fixes like the current one, should become available much sooner in the future. Do you have ideas how this can be achieved?

Thanks for the current upload, by the way. :-)

is it going to be available in Hardy

Please update about comment#12

@kaushal: 8.04 Hardy Heron is already dead on the desktop since April (although not yet dead on the server), so I suppose the answer is: no, this update won't be made available for Hardy.

I am still not seeing this in maverick updates. Can anyone confirm?

On 07/30/2011 05:16 PM, Eric Zimmerman wrote:
> I am still not seeing this in maverick updates. Can anyone confirm?
>

It's there:
https://launchpad.net/ubuntu/+source/sun-java6