-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 16 Feb 2011 00:46:20 +0100 Source: sun-java6 Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-javadb Architecture: source i386 all Version: 6.24-1 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Sylvestre Ledru <sylvestre@debian.org> Description: ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit) ia32-sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 (32-bit) sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE) sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6 sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files Changes: sun-java6 (6.24-1) unstable; urgency=high . * New upstream release * Watch file added * Homepage updated to http://jdk-distros.java.net/ * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2010-4476): Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number. - (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability - (CVE-2010-4454): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability - (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution Vulnerability - (CVE-2010-4465): Swing timer-based security manager bypass - (CVE-2010-4467): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4469): Hotspot backward jsr heap corruption - (CVE-2010-4473): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4422): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4451): Vulnerability allows successful unauthenticated network attacks via HTTP. - (CVE-2010-4466): Runtime NTLM Authentication Information Leakage Vulnerability - (CVE-2010-4470): JAXP untrusted component state manipulation - (CVE-2010-4471): Java2D font-related system property leak - (CVE-2010-4447): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4475): vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4468): DNS cache poisoning by untrusted applets - (CVE-2010-4450): Launcher incorrect processing of empty library path entries - (CVE-2010-4448): DNS cache poisoning by untrusted applets - (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N implementation - (CVE-2010-4474): Easily exploitable vulnerability requiring logon to Operating System. Checksums-Sha1: 60c0c308445601014934b26f4af83c20821a1d1e 1658 sun-java6_6.24-1.dsc f51f1d65555e43b1fd3d4dead86e6022ff215ec0 167431099 sun-java6_6.24.orig.tar.gz 905fe58112f5e80047e8b28e1b96c9bc5a90126b 89839 sun-java6_6.24-1.debian.tar.gz 8f0b13d352f35daeb36caab8b9216548b970a9b7 29970850 sun-java6-bin_6.24-1_i386.deb a44c2283ebc46329fd91b654346a715f6c043ab8 1998 sun-java6-plugin_6.24-1_i386.deb 8f7c8b330a5288f68735fe99b1a58c03265431e1 20227526 sun-java6-jdk_6.24-1_i386.deb b3a0b0597781515e66c3fa5dca0fb793337ff997 12153130 sun-java6-demo_6.24-1_i386.deb e8e2f89a0e49de0b89e93f31236d2e5cbed95c7f 6385462 sun-java6-jre_6.24-1_all.deb 10cf325ef504dc4450c3194df01e5d404f7235f8 1870 sun-java6-fonts_6.24-1_all.deb 601c0788dc9dc4960d05980328ae19459c0503a4 17916652 sun-java6-source_6.24-1_all.deb 05716af78d2f6dcb6434a222f96fa405c336b577 10773422 sun-java6-javadb_6.24-1_all.deb Checksums-Sha256: d205a6c04045bee27d8ab3a8d03dd6d62e85ddffcc4eceff2499feac64c28ef1 1658 sun-java6_6.24-1.dsc 982fad10cf584fa55781e7bef432fbf69e917a6975cb0a34f0c511ec651cd98a 167431099 sun-java6_6.24.orig.tar.gz f9501bd4e36761f8ffaf4b5f197503d791e632253165a48e7742673a8bc5165e 89839 sun-java6_6.24-1.debian.tar.gz feb2e14d15e251b4115418e70cb1c4c0e9b123c46c1d2cc5dedcedda2b99eacd 29970850 sun-java6-bin_6.24-1_i386.deb 1c3319543e705e578630d5f8853785f927f44e8b2b3b894690e08c061522aecf 1998 sun-java6-plugin_6.24-1_i386.deb 73712a46bf74f5627eb5350dc725b7e048eee1ea975eadfb8ce75ec4d5792a81 20227526 sun-java6-jdk_6.24-1_i386.deb d3b682664bc2415c5adc1ab1c87857d96c891694429245eaf83a7a715e0c261a 12153130 sun-java6-demo_6.24-1_i386.deb 6a62640756e4bf70dfea7aa6691522d6d217b36f26858c1016ea8e29cfb2bf41 6385462 sun-java6-jre_6.24-1_all.deb b6d48fcfd8869720300316d20ed40c4e5fff051979e035ca1416ff79560b6dd4 1870 sun-java6-fonts_6.24-1_all.deb 7aaee05dfd93443293151e91d9d71c4db37d675965cc4ac76656e3fbcb1ea4d3 17916652 sun-java6-source_6.24-1_all.deb dfb3d299a2cb094ef21281908496e58abcd61926f1a39ac0aa850468957182d4 10773422 sun-java6-javadb_6.24-1_all.deb Files: 15ee99f823b0f7389189ca5f290d41b1 1658 non-free/java optional sun-java6_6.24-1.dsc 3cd597b7d8a15ce1a235f36e4235d0c4 167431099 non-free/java optional sun-java6_6.24.orig.tar.gz 29954af9d1f8ffed4ca8feb2e317b45f 89839 non-free/java optional sun-java6_6.24-1.debian.tar.gz 3d7ec68a5161704d913f0ae01fa2e419 29970850 non-free/java optional sun-java6-bin_6.24-1_i386.deb 31acb235070b1b07863ff854e887190c 1998 non-free/web optional sun-java6-plugin_6.24-1_i386.deb eeea7d74f957cddc04b68822a3c90ddf 20227526 non-free/java optional sun-java6-jdk_6.24-1_i386.deb b84ec728bb01ee099993440367a2bf5a 12153130 non-free/java optional sun-java6-demo_6.24-1_i386.deb 11c7585681df0796d7a33a0e549b96aa 6385462 non-free/java optional sun-java6-jre_6.24-1_all.deb 61fe4baaf2e4de88e3fa30b089d21ee0 1870 non-free/fonts optional sun-java6-fonts_6.24-1_all.deb 882214d14c4c318222327c87ff5d3c0a 17916652 non-free/java optional sun-java6-source_6.24-1_all.deb 752e8b0ad7fe20e8536068c3ed909f4f 10773422 non-free/java optional sun-java6-javadb_6.24-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk1bs1EACgkQiOXXM92JlhDFnACgu9fR74UiUo0xeVoxqy/x4G5e ZhEAnjgDj6QmgAZk97bzL4n7lpaAqXyP =fq27 -----END PGP SIGNATURE----- Accepted: sun-java6-bin_6.24-1_i386.deb to non-free/s/sun-java6/sun-java6-bin_6.24-1_i386.deb sun-java6-demo_6.24-1_i386.deb to non-free/s/sun-java6/sun-java6-demo_6.24-1_i386.deb sun-java6-fonts_6.24-1_all.deb to non-free/s/sun-java6/sun-java6-fonts_6.24-1_all.deb sun-java6-javadb_6.24-1_all.deb to non-free/s/sun-java6/sun-java6-javadb_6.24-1_all.deb sun-java6-jdk_6.24-1_i386.deb to non-free/s/sun-java6/sun-java6-jdk_6.24-1_i386.deb sun-java6-jre_6.24-1_all.deb to non-free/s/sun-java6/sun-java6-jre_6.24-1_all.deb sun-java6-plugin_6.24-1_i386.deb to non-free/s/sun-java6/sun-java6-plugin_6.24-1_i386.deb sun-java6-source_6.24-1_all.deb to non-free/s/sun-java6/sun-java6-source_6.24-1_all.deb sun-java6_6.24-1.debian.tar.gz to non-free/s/sun-java6/sun-java6_6.24-1.debian.tar.gz sun-java6_6.24-1.dsc to non-free/s/sun-java6/sun-java6_6.24-1.dsc sun-java6_6.24.orig.tar.gz to non-free/s/sun-java6/sun-java6_6.24.orig.tar.gz