Comment 3 for bug 726845

This bug was fixed in the package openjdk-6b18 - 6b18-1.8.7-0ubuntu2

---------------
openjdk-6b18 (6b18-1.8.7-0ubuntu2) natty; urgency=low

  * Browser plugin and Webstart are built from icedtea-web. LP: #726845.

openjdk-6b18 (6b18-1.8.7-0ubuntu1) maverick-security; urgency=low

  * IcedTea6 1.8.7 release.
    - S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption.
    - S6907662, CVE-2010-4465: Swing timer-based security manager bypass.
    - S6994263, CVE-2010-4472: Untrusted code allowed to replace
      DSIG/C14N implementation.
    - S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets.
    - S6983554, CVE-2010-4450: Launcher incorrect processing of empty
      library path entries.
    - S6985453, CVE-2010-4471: Java2D font-related system property leak.
    - S6927050, CVE-2010-4470: JAXP untrusted component state manipulation.
    - CVE-2011-0706: Multiple signers privilege escalation.

  * IcedTea6 1.8.6 release.
    - S4421494, CVE-2010-4476: infinite loop while parsing double literal.

openjdk-6b18 (6b18-1.8.5-0ubuntu1) maverick-security; urgency=low

  * IcedTea6 1.8.5 release.
    - CVE-2011-0025: IcedTea jarfile signature verification bypass.
 -- Matthias Klose <email address hidden> Wed, 02 Mar 2011 19:55:46 +0100