Update icedtea-java7 to Java SE 7 Update 1

Bug #878684 reported by Dmitry on 2011-10-20
This bug affects 2 people
Affects            | Status | Importance | Assigned to   | Milestone
openjdk-6 (Ubuntu) |        | Undecided  | Unassigned    |
  Lucid            |        | High       | Steve Beattie |
  Maverick         |        | High       | Steve Beattie |
  Natty            |        | High       | Steve Beattie |
  Oneiric          |        | High       | Steve Beattie |
openjdk-7 (Ubuntu) |        | Undecided  | Unassigned    |
  Lucid            |        | Undecided  | Unassigned    |
  Maverick         |        | Undecided  | Unassigned    |
  Natty            |        | Undecided  | Unassigned    |
  Oneiric          |        | Undecided  | Steve Beattie |

Bug Description

Multiple security vulnerabilities were fixed in the latest release of java7.
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

An update of icedtea-java7 is needed.

visibility: private → public
Changed in icedtea-java7 (Ubuntu):
status: New → Triaged
affects: icedtea-java7 (Ubuntu) → openjdk-6 (Ubuntu)
Changed in openjdk-7 (Ubuntu):
status: New → Triaged
Matthias Klose (doko) wrote :

fixed in precise; please find test packages for lucid, maverick, oneiric in the openjdk-r PPA.

Changed in openjdk-7 (Ubuntu):
status: Triaged → Fix Released
Changed in openjdk-6 (Ubuntu):
status: Triaged → Fix Released
Changed in openjdk-6 (Ubuntu Lucid):
importance: Undecided → High
status: New → In Progress
Changed in openjdk-6 (Ubuntu Maverick):
importance: Undecided → High
status: New → In Progress
Changed in openjdk-6 (Ubuntu Oneiric):
importance: Undecided → High
status: New → In Progress
Changed in openjdk-7 (Ubuntu Lucid):
status: New → Invalid
Changed in openjdk-7 (Ubuntu Maverick):
status: New → Invalid
Changed in openjdk-7 (Ubuntu Natty):
status: New → Invalid
Changed in openjdk-7 (Ubuntu Oneiric):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openjdk-6 (Ubuntu Natty):
status: New → Confirmed
Steve Beattie (sbeattie) on 2011-10-26
Changed in openjdk-6 (Ubuntu Lucid):
assignee: nobody → Steve Beattie (sbeattie)
Changed in openjdk-6 (Ubuntu Maverick):
assignee: nobody → Steve Beattie (sbeattie)
Changed in openjdk-6 (Ubuntu Natty):
assignee: nobody → Steve Beattie (sbeattie)
status: Confirmed → In Progress
Changed in openjdk-6 (Ubuntu Oneiric):
assignee: nobody → Steve Beattie (sbeattie)
Changed in openjdk-7 (Ubuntu Oneiric):
assignee: nobody → Steve Beattie (sbeattie)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-6 - 6b23~pre11-0ubuntu1.11.10

---------------
openjdk-6 (6b23~pre11-0ubuntu1.11.10) oneiric-security; urgency=low

  * Build for oneiric.

openjdk-6 (6b23~pre11-1) unstable; urgency=high

  * Build with jpeg8. Closes: #644070.
  * Tighten inter-package dependencies for Debian builds. Closes: #641240.

openjdk-6 (6b23~pre11-0ubuntu1) precise; urgency=low

  * Update from the IcedTea6 branch (20111019) LP: #878684.
    - Security fixes:
      - S7000600, CVE-2011-3547: InputStream skip() information leak.
      - S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor.
      - S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow.
      - S7032417, CVE-2011-3552: excessive default UDP socket limit under
        SecurityManager.
      - S7046794, CVE-2011-3553: JAX-WS stack-traces information leak.
      - S7046823, CVE-2011-3544: missing SecurityManager checks in scripting
        engine.
      - S7055902, CVE-2011-3521: IIOP deserialization code execution.
      - S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress
        error checks.
      - S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack
        against SSL/TLS (BEAST).
      - S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from
        PorterStemmer.
      - S7077466, CVE-2011-3556: RMI DGC server remote code execution.
      - S7083012, CVE-2011-3557: RMI registry privileged code execution.
      - S7096936, CVE-2011-3560: missing checkSetFactory calls in
        HttpsURLConnection.
    - Update JamVM.
      - Implement classlibCheckIfOnLoad().
      - Make thread states JVMTI compatible.
      - Handle 'g' when specifying memory + extra checks.
      - Make command line compatibility options table-driven.
    - Update CACAO.

openjdk-6 (6b23~pre10-1) unstable; urgency=low

  [ Matthias Klose ]
  * Fix exception on trying to start PulseAudio playback on ARM (Xerxes
    Rånby, David Henningsson). LP: #862286.

  [ Damien Raude-Morvan ]
  * Add myself to Uploaders.
  * d/rules: Fix java.policy to include jre/lib/ext/* files (instead of
    non-existant ext/*). It'll restore privilegied access from sunpkcs11.jar
    to sun.* code. (Closes: #642734, #642598).
 -- Matthias Klose <email address hidden> Thu, 20 Oct 2011 18:05:17 +0200

Changed in openjdk-6 (Ubuntu Oneiric):
status: In Progress → Fix Released
Steve Beattie (sbeattie) wrote :

OpenJDK 7 was fixed in oneiric in https://launchpad.net/ubuntu/+source/openjdk-7/7~b147-2.0-0ubuntu0.11.10.1 ; my apologies for not referring to this bug there and also messing up the changes entry to not show the full changelog between 7~b147-2.0~pre6-1ubuntu1 and 7~b147-2.0-0ubuntu0.11.10.1.

Changed in openjdk-7 (Ubuntu Oneiric):
status: In Progress → Fix Released
Changed in openjdk-6 (Ubuntu Lucid):
status: In Progress → Fix Released
Changed in openjdk-6 (Ubuntu Maverick):
status: In Progress → Fix Released
Changed in openjdk-6 (Ubuntu Natty):
importance: Undecided → High
status: In Progress → Fix Released
Steve Beattie (sbeattie) wrote :

OpenJDK 6 packages were addressed with http://www.ubuntu.com/usn/usn-1263-1/

This report contains Public Security information
Everyone can see this security related information.