Debian Bug report logs -
#677486
Multiple security issues
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Thu, 14 Jun 2012 09:25:40 UTC
Severity: grave
Tags: security
Fixed in version openjdk-7/7~u3-2.1.1-1
Done: Damien Raude-Morvan <drazzib@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, OpenJDK Team <openjdk@lists.launchpad.net>:
Bug#677486; Package openjdk-7.
(Thu, 14 Jun 2012 09:25:50 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, OpenJDK Team <openjdk@lists.launchpad.net>.
(Thu, 14 Jun 2012 09:25:52 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: openjdk-7
Severity: grave
Tags: security
Multiple security issues have been fixed in the latest Java update round:
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html#PatchTable
Cheers,
Moritz
Reply sent
to Damien Raude-Morvan <drazzib@debian.org>:
You have taken responsibility.
(Sun, 17 Jun 2012 22:13:29 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer.
(Sun, 17 Jun 2012 22:13:31 GMT) (full text, mbox, link).
Message #10 received at 677486-close@bugs.debian.org (full text, mbox, reply):
Source: openjdk-7
Source-Version: 7~u3-2.1.1-1
We believe that the bug you reported is fixed in the latest version of
openjdk-7, which is due to be installed in the Debian FTP archive:
icedtea-7-jre-cacao_7~u3-2.1.1-1_amd64.deb
to main/o/openjdk-7/icedtea-7-jre-cacao_7~u3-2.1.1-1_amd64.deb
icedtea-7-jre-jamvm_7~u3-2.1.1-1_amd64.deb
to main/o/openjdk-7/icedtea-7-jre-jamvm_7~u3-2.1.1-1_amd64.deb
openjdk-7-dbg_7~u3-2.1.1-1_amd64.deb
to main/o/openjdk-7/openjdk-7-dbg_7~u3-2.1.1-1_amd64.deb
openjdk-7-demo_7~u3-2.1.1-1_amd64.deb
to main/o/openjdk-7/openjdk-7-demo_7~u3-2.1.1-1_amd64.deb
openjdk-7-doc_7~u3-2.1.1-1_all.deb
to main/o/openjdk-7/openjdk-7-doc_7~u3-2.1.1-1_all.deb
openjdk-7-jdk_7~u3-2.1.1-1_amd64.deb
to main/o/openjdk-7/openjdk-7-jdk_7~u3-2.1.1-1_amd64.deb
openjdk-7-jre-headless_7~u3-2.1.1-1_amd64.deb
to main/o/openjdk-7/openjdk-7-jre-headless_7~u3-2.1.1-1_amd64.deb
openjdk-7-jre-lib_7~u3-2.1.1-1_all.deb
to main/o/openjdk-7/openjdk-7-jre-lib_7~u3-2.1.1-1_all.deb
openjdk-7-jre-zero_7~u3-2.1.1-1_amd64.deb
to main/o/openjdk-7/openjdk-7-jre-zero_7~u3-2.1.1-1_amd64.deb
openjdk-7-jre_7~u3-2.1.1-1_amd64.deb
to main/o/openjdk-7/openjdk-7-jre_7~u3-2.1.1-1_amd64.deb
openjdk-7-source_7~u3-2.1.1-1_all.deb
to main/o/openjdk-7/openjdk-7-source_7~u3-2.1.1-1_all.deb
openjdk-7_7~u3-2.1.1-1.diff.gz
to main/o/openjdk-7/openjdk-7_7~u3-2.1.1-1.diff.gz
openjdk-7_7~u3-2.1.1-1.dsc
to main/o/openjdk-7/openjdk-7_7~u3-2.1.1-1.dsc
openjdk-7_7~u3-2.1.1.orig.tar.gz
to main/o/openjdk-7/openjdk-7_7~u3-2.1.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 677486@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Damien Raude-Morvan <drazzib@debian.org> (supplier of updated openjdk-7 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 11 Jun 2012 21:01:10 +0200
Source: openjdk-7
Binary: openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-jre-lib openjdk-7-demo openjdk-7-source openjdk-7-doc openjdk-7-dbg icedtea-7-jre-cacao icedtea-7-jre-jamvm openjdk-7-jre-zero
Architecture: source amd64 all
Version: 7~u3-2.1.1-1
Distribution: sid
Urgency: medium
Maintainer: OpenJDK Team <openjdk@lists.launchpad.net>
Changed-By: Damien Raude-Morvan <drazzib@debian.org>
Description:
icedtea-7-jre-cacao - Alternative JVM for OpenJDK, using Cacao
icedtea-7-jre-jamvm - Alternative JVM for OpenJDK, using JamVM
openjdk-7-dbg - Java runtime based on OpenJDK (debugging symbols)
openjdk-7-demo - Java runtime based on OpenJDK (demos and examples)
openjdk-7-doc - OpenJDK Development Kit (JDK) documentation
openjdk-7-jdk - OpenJDK Development Kit (JDK)
openjdk-7-jre - OpenJDK Java runtime, using ${vm:Name}
openjdk-7-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
openjdk-7-jre-lib - OpenJDK Java runtime (architecture independent libraries)
openjdk-7-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
openjdk-7-source - OpenJDK Development Kit (JDK) source files
Closes: 661465 670896 676351 677486
Changes:
openjdk-7 (7~u3-2.1.1-1) unstable; urgency=medium
.
* New upstream release with security fixes (Closes: #677486):
- S7079902, CVE-2012-1711: Refine CORBA data models
- S7110720: Issue with vm config file loadingIssue with
vm config file loading
- S7143606, CVE-2012-1717: File.createTempFile should be improved
for temporary files created by the platform.
- S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement
- S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations
- S7143851, CVE-2012-1719: Improve IIOP stub and tie generation in RMIC
- S7143872, CVE-2012-1718: Improve certificate extension processing
- S7145239: Finetune package definition restriction
- S7152811, CVE-2012-1723: Issues in client compiler
- S7157609, CVE-2012-1724: Issues with loop
- S7160677: missing else in fix for 7152811
- S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile
- S7165628, CVE-2012-1726: Issues with
java.lang.invoke.MethodHandles.Lookup
* Patches merged upstream:
- debian/patches/arm-thumb-fix.diff
- debian/patches/gcc-4.7.diff
.
[ James Page ]
* Cherry picked patch from openjdk-6 to fix handling of
ICC profiles (LP: #888123, #888129) (Closes: #676351).
.
[ Damien Raude-Morvan ]
* Move libgnome2-0, libgnomevfs2-0, libgconf2-4 from Depends of JRE package
to Recommends (Closes: #661465).
* New jni_md_h_JNIEXPORT_visibility.patch to allow JNIEXPORT definition
to work with -fvisibility=hidden. (Closes: #670896).
Checksums-Sha1:
f3a16b9c08f3860ae75db195f4c31f7269d8e7d0 3550 openjdk-7_7~u3-2.1.1-1.dsc
d8644ea56064220a730b3ce9647ff5eea5af85f8 66406240 openjdk-7_7~u3-2.1.1.orig.tar.gz
7fa771a82f740a747da706415d83c01890224429 194785 openjdk-7_7~u3-2.1.1-1.diff.gz
548dd2abc0b8b40ada2b2d901a3b5998c1937e08 11552006 openjdk-7-jdk_7~u3-2.1.1-1_amd64.deb
668fbfe13b3d60dedb03ef44dab025fb9367d572 28178066 openjdk-7-jre-headless_7~u3-2.1.1-1_amd64.deb
d5d2e50955b282b231db573e880eda00c5f4fda7 238708 openjdk-7-jre_7~u3-2.1.1-1_amd64.deb
ad0c1a3627215cf0f46e028a598cded6ab53e2a2 2529666 openjdk-7-demo_7~u3-2.1.1-1_amd64.deb
c311e5c36741be9c0287efe0616fc531c0f13181 155669112 openjdk-7-dbg_7~u3-2.1.1-1_amd64.deb
b2c027a49abf0f16a495e6543d799a4ac47dc864 841154 icedtea-7-jre-cacao_7~u3-2.1.1-1_amd64.deb
f8560eb18af3e92f1c9fbdbe73e1f38d23bb03f0 622274 icedtea-7-jre-jamvm_7~u3-2.1.1-1_amd64.deb
896bb2e73467c1d2e06f0071ae27bc17290d8338 2371254 openjdk-7-jre-zero_7~u3-2.1.1-1_amd64.deb
bcf080c76bfe5d4a193f0dadf5ee5f0a340bada4 5224448 openjdk-7-jre-lib_7~u3-2.1.1-1_all.deb
2bd79cb71f0849824f50079259ac72443fd6a9a3 41354174 openjdk-7-source_7~u3-2.1.1-1_all.deb
7aae377631c563440a77b6698153a2865b2d1b0d 22090378 openjdk-7-doc_7~u3-2.1.1-1_all.deb
Checksums-Sha256:
a8b3a88b3601a119e17adb65192f5b09ebb175f16b0b072deeccbfade56d01d6 3550 openjdk-7_7~u3-2.1.1-1.dsc
9d73b762a4f149413770a1b0515ad7d61f3523fc6078698e8c280566081e20df 66406240 openjdk-7_7~u3-2.1.1.orig.tar.gz
64bc4852ff1fab432fb20db965984f7320918e11c0e9e399a43280c40d09941d 194785 openjdk-7_7~u3-2.1.1-1.diff.gz
6bb8eccd293e943546a3723cfe5cd26eefc86c1aa253c94f6bb46ce485a93ae4 11552006 openjdk-7-jdk_7~u3-2.1.1-1_amd64.deb
8d4827a851ec9a27c5fde2ecca6fad55f7c059a8e38275d18fc57eb826c62aa0 28178066 openjdk-7-jre-headless_7~u3-2.1.1-1_amd64.deb
2a0a3b20d626fc838dd84dd3203b5f3da08e850b6fb503b7b84392658042f0bd 238708 openjdk-7-jre_7~u3-2.1.1-1_amd64.deb
1b3224d089e7bca9d2f8838a21e0c646241474011f078d62feb131b5802e708d 2529666 openjdk-7-demo_7~u3-2.1.1-1_amd64.deb
df8134b63a7084a3ed1e29e9a4c61d63d904faff8a58ec86715f374cd7eced84 155669112 openjdk-7-dbg_7~u3-2.1.1-1_amd64.deb
9d67aaca77aa10d396874966e781f5c4bff6c74bed34a55a29bc3a0d386c1fe4 841154 icedtea-7-jre-cacao_7~u3-2.1.1-1_amd64.deb
66a9704d7a638518f5c16bd18dad7a4e04bfaf3aa76141cd6d1ff75123dd2de9 622274 icedtea-7-jre-jamvm_7~u3-2.1.1-1_amd64.deb
ff4c2aa10e4a974e6f4e5855f651b05720b47e26615a3a04c2d0ff7a945e810b 2371254 openjdk-7-jre-zero_7~u3-2.1.1-1_amd64.deb
3dd23992c6b2326ab602d826944ddccada6e68e1d8f602fb110aefc604ca36f4 5224448 openjdk-7-jre-lib_7~u3-2.1.1-1_all.deb
88e0c9088e85ac4b1081632cd16f65f3286c4335d260d6ea431eb042f381d882 41354174 openjdk-7-source_7~u3-2.1.1-1_all.deb
727d595543270e7abe441f62bf5ab133690b4c866d2468f0614312927e0b4693 22090378 openjdk-7-doc_7~u3-2.1.1-1_all.deb
Files:
cc4da2d3d54655c700cec076f259cfbb 3550 java optional openjdk-7_7~u3-2.1.1-1.dsc
ebee03f1604c6bbc6e85096aa97a7b88 66406240 java optional openjdk-7_7~u3-2.1.1.orig.tar.gz
5cf0c92405e1d8a08da3d035e35a922c 194785 java optional openjdk-7_7~u3-2.1.1-1.diff.gz
108247407b0b6926bde232eabf6fde8f 11552006 java optional openjdk-7-jdk_7~u3-2.1.1-1_amd64.deb
de98b194cc34c03c9a5ad9fa675fa93d 28178066 java optional openjdk-7-jre-headless_7~u3-2.1.1-1_amd64.deb
c38ffa922b67b2888128f1e8483fe249 238708 java optional openjdk-7-jre_7~u3-2.1.1-1_amd64.deb
3ede3a42947fff3e8169e9f8c25e4a7e 2529666 java extra openjdk-7-demo_7~u3-2.1.1-1_amd64.deb
a8ed6ca4da9efa969fb601d85871ffb2 155669112 debug extra openjdk-7-dbg_7~u3-2.1.1-1_amd64.deb
eeac39986f9ab77e8b2afeaa6771d756 841154 java extra icedtea-7-jre-cacao_7~u3-2.1.1-1_amd64.deb
9947a909baa119e71f2e0b702ca39b81 622274 java extra icedtea-7-jre-jamvm_7~u3-2.1.1-1_amd64.deb
76965b10985be86dc69e66d64a64f3ac 2371254 java extra openjdk-7-jre-zero_7~u3-2.1.1-1_amd64.deb
e6d1ae8b38e9fd49d65a151e5fc23cdd 5224448 java optional openjdk-7-jre-lib_7~u3-2.1.1-1_all.deb
020486c66584663bb36024422263b912 41354174 java extra openjdk-7-source_7~u3-2.1.1-1_all.deb
b059ea793e2d12c5cf3737daef604b0c 22090378 doc extra openjdk-7-doc_7~u3-2.1.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJP3kIvAAoJEHXiDM0z50n8r9EQAMUP8LoL16NP6RNIIGpVBfQm
VRaacjeSoXEMfl5/a7rscw2TBwK+0VdnKJZeU9YgRA4DDE0viFo76zztQ3qC5Z+m
Z/fIMzvnAyfQ1Pr4iwiEDyYSJrx+cqV8dO8BhX6P6Nc8NM5OpdFgSGEi9Ay2LGEv
GnkvyOvOp7yRUKTdyt7w0sMNyVIClQIg5SFaXHTVbQ69DXXkhRztQApJFADSUtbZ
z3zx3DX9p7LWL7Xli+J8l2PdbIfcrKKaYUbB8aewyQw08H1gbVhLm7n/NZUBggEK
k+KEQp7RzPkyj/rl40/8F7ReBRmjPJKi7lf3slI0rWW/5OfGjQXyA+py9ZIuBDyG
W7a27LkUWGvCKnYI9bXGwn/aBMJ2f++mIdhhwLVobc9TYmweZYjPp/G7/0+I5nHz
CO7MAUFJ6Td69ROIwSnFL1k0R+bSBo1GZCWVgY1JBkzeCzYdfG9XKV9morXzphNw
KaAyYH6vBYvjPktROIfmC/BV18SiqeCBcln+BpfM4lpJ1GDSkI4YWF4XBU/UBubr
/8O43B3T8Qza1qV6PM7r0f9O4FuV9nFuqRzLo6CX62L6LZodwzC1uxFHxjCJjTF8
/36IgWvlxDn2HDsd+IvMXW74rC9Fg+R/z3VW/DdMIjwWr04L32xyAYdzhF+vc2iP
kHQzrbBMLy5tyDqYb8Tv
=9lp8
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 22 Jul 2012 07:31:26 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:05:36 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon