Ubuntu
sun-java6 package

[sun-java] security update available from upstream

Bug #199477 reported by disabled.user
266
Affects Status Importance Assigned to Milestone
sun-java5 (Ubuntu)
Fix Released
Undecided
Unassigned
Hardy
Fix Released
Undecided
Unassigned
sun-java6 (Ubuntu)
Fix Released
Undecided
Unassigned
Hardy
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: sun-java6-jre

Sun provides updated java packages which "contains fixes for one or more security vulnerabilities".

References:
http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_05

Revision history for this message
James Stansell (jamesstansell) wrote :

For reference, Sun posted additional information here:

  http://blogs.sun.com/security/entry/advance_notification_of_security_updates1

-jim.

Revision history for this message
Matthias Klose (doko) wrote :

no, they are not: https://jdk-distros.dev.java.net/

Revision history for this message
Alex Mayorga (alex-mayorga) wrote :

Matthias,

They might be still working on the distro distributable version then. The Linux installer for 6.0 update 5 is already available from http://java.sun.com/javase/downloads/index.jsp
I've added the CVE # to this bug and here's a link to US-CERT that summarizes the vulnerabilities http://www.us-cert.gov/cas/techalerts/TA08-066A.html

I'd like to get involved in the whole Java in Ubuntu thing so please drop me a line if you need help or anything.

Revision history for this message
Alex Mayorga (alex-mayorga) wrote :

Sun advises to migrate to JDK and JRE 5.0 Update 15 or later

Changed in sun-java5:
status: New → Confirmed
Revision history for this message
Alex Mayorga (alex-mayorga) wrote :

Sun advises to migrate to JDK and JRE 6 Update 5 or later

Changed in sun-java6:
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sun-java5 - 1.5.0-15-0ubuntu1

---------------
sun-java5 (1.5.0-15-0ubuntu1) hardy; urgency=low

  * New upstream bug fix release.
    This was released today on https://jdk-distros.dev.java.net/developer.html.
    Distributions are not allowed to package the released versions published
    at http://java.sun.com/javase/downloads and have to wait for the
    availability of the DLJ bundles. No need to file reports like LP: #199477.
  * Install all desktop files in /usr/share/applications.
  * sun-java5-jdk: Add java*-sdk provides.
  * Adjust plugin links for xulrunner-1.9.

 -- Matthias Klose <email address hidden> Wed, 26 Mar 2008 00:20:09 +0000

Changed in sun-java5:
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sun-java6 - 6-05-0ubuntu1

---------------
sun-java6 (6-05-0ubuntu1) hardy; urgency=low

  * New upstream bug fix release.
    This was released today on https://jdk-distros.dev.java.net/developer.html.
    Distributions are not allowed to package the released versions published
    at http://java.sun.com/javase/downloads and have to wait for the
    availability of the DLJ bundles. No need to file reports like LP: #199477.
  * Install all desktop files in /usr/share/applications.
  * sun-java6-jdk: Add java*-sdk provides.
  * Adjust plugin links for xulrunner-1.9. LP: #173966, #198633.

 -- Matthias Klose <email address hidden> Tue, 25 Mar 2008 23:33:13 +0000

Changed in sun-java6:
status: Confirmed → Fix Released
Revision history for this message
disabled.user (disabled.user-deactivatedaccount) wrote :

Won't there be security upgrades for the stable releases? Gutsy's sun-java6 is still at 6-03-0ubuntu2.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.