Package: release.debian.org
Severity: important
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock openjdk-6/6b27-1.12.5-1 and openjdk-7/7u21-2.3.9-3, integrating
the last security updates into IcedTea 1.12.x and 2.3.x.
7u3-2.1.7-1 did still build the cacao VM, which is now disabled, and replaced by
a transitional package. the cacao VM for openjdk-7 currently is not as stable as
the one for openjdk-6, and trying to re-enable it caused build failures on i386
and s390. The changelogs are attached.
Matthias
openjdk-7 (7u21-2.3.9-3) unstable; urgency=high
* Disable the cacao build again, causing build failures on i386 and s390.
* Build a transitional cacao jre package instead.
openjdk-7 (7u21-2.3.9-2) unstable; urgency=high
* On ia64, use gcj-4.7 for the bootstrap build.
* Drop the cacao jre from recommends to suggests.
* Re-enable cacao, was enabled in the 2.1.x series.
openjdk-7 (7u21-2.3.9-1) unstable; urgency=high
* IcedTea7 2.3.9 release.
* Security fixes:
- S6657673, CVE-2013-1518: Issues with JAXP.
- S7200507: Refactor Introspector internals.
- S8000724, CVE-2013-2417: Improve networking serialization.
- S8001031, CVE-2013-2419: Better font processing.
- S8001040, CVE-2013-1537: Rework RMI model.
- S8001322: Refactor deserialization.
- S8001329, CVE-2013-1557: Augment RMI logging.
- S8003335: Better handling of Finalizer thread.
- S8003445: Adjust JAX-WS to focus on API.
- S8003543, CVE-2013-2415: Improve processing of MTOM attachments.
- S8004261: Improve input validation.
- S8004336, CVE-2013-2431: Better handling of method handle intrinsic
frames.
- S8004986, CVE-2013-2383: Better handling of glyph table.
- S8004987, CVE-2013-2384: Improve font layout.
- S8004994, CVE-2013-1569: Improve checking of glyph table.
- S8005432: Update access to JAX-WS.
- S8005943: (process) Improved Runtime.exec.
- S8006309: More reliable control panel operation.
- S8006435, CVE-2013-2424: Improvements in JMX.
- S8006790: Improve checking for windows.
- S8006795: Improve font warning messages.
- S8007406: Improve accessibility of AccessBridge.
- S8007617, CVE-2013-2420: Better validation of images.
- S8007667, CVE-2013-2430: Better image reading.
- S8007918, CVE-2013-2429: Better image writing.
- S8008140: Better method handle resolution.
- S8009049, CVE-2013-2436: Better method handle binding.
- S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap.
- S8009305, CVE-2013-0401: Improve AWT data transfer.
- S8009677, CVE-2013-2423: Better setting of setters.
- S8009699, CVE-2013-2421: Methodhandle lookup.
- S8009814, CVE-2013-1488: Better driver management.
- S8009857, CVE-2013-2422: Problem with plugin.
* Backports:
- S7130662: GTK file dialog crashes with a NPE.
* Bug fixes
- PR1363: Fedora 19 / rawhide FTBFS SIGILL.
- PR1401: Fix Zero build on 2.3.8.
- Fix offset problem in ICU LETableReference.
- Change -Werror fix to preserve OpenJDK default.
- PR1303: Correct #ifdef to #if.
- PR1404: Failure to bootstrap with ecj 4.2.
openjdk-6 (6b27-1.12.5-1) unstable; urgency=low
* IcedTea 1.12.5 release.
* Security fixes:
- S6657673, CVE-2013-1518: Issues with JAXP.
- S7200507: Refactor Introspector internals.
- S8000724, CVE-2013-2417: Improve networking serialization.
- S8001031, CVE-2013-2419: Better font processing.
- S8001040, CVE-2013-1537: Rework RMI model.
- S8001322: Refactor deserialization.
- S8001329, CVE-2013-1557: Augment RMI logging.
- S8003335: Better handling of Finalizer thread.
- S8003445: Adjust JAX-WS to focus on API.
- S8003543, CVE-2013-2415: Improve processing of MTOM attachments.
- S8004261: Improve input validation.
- S8004336, CVE-2013-2431: Better handling of method handle
intrinsic frames.
- S8004986, CVE-2013-2383: Better handling of glyph table.
- S8004987, CVE-2013-2384: Improve font layout.
- S8004994, CVE-2013-1569: Improve checking of glyph table.
- S8005432: Update access to JAX-WS.
- S8005943: (process) Improved Runtime.exec.
- S8006309: More reliable control panel operation.
- S8006435, CVE-2013-2424: Improvements in JMX.
- S8006790: Improve checking for windows.
- S8006795: Improve font warning messages.
- S8007406: Improve accessibility of AccessBridge.
- S8007617, CVE-2013-2420: Better validation of images.
- S8007667, CVE-2013-2430: Better image reading.
- S8007918, CVE-2013-2429: Better image writing.
- S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap.
- S8009305, CVE-2013-0401: Improve AWT data transfer.
- S8009699, CVE-2013-2421: Methodhandle lookup.
- S8009814, CVE-2013-1488: Better driver management.
- S8009857, CVE-2013-2422: Problem with plugin.
- RH952389: Temporary files created with insecure permissions.
* Backports;
- S7197906: BlockOffsetArray::power_to_cards_back() needs to handle
> 32 bit shifts
- S7036559: ConcurrentHashMap footprint and contention improvements.
- S5102804: Memory leak in Introspector.getBeanInfo(Class) for custom
BeanInfo: Class param (with WeakCache from S6397609).
- S6501644: Sync LayoutEngine *code* structure to match ICU.
- S6886358: Layout code update.
- S6963811: Deadlock-prone locking changes in Introspector.
- S7017324: Kerning crash in JDK 7 since ICU layout update.
- S7064279: Introspector.getBeanInfo() should release some resources
in timely manner.
- S8004302: javax/xml/soap/Test7013971.java fails since jdk6u39b01.
- S7133220: Additional patches to JAXP 1.4.5 update 1 for 7u4 (partial
for S6657673).
- S8009530: ICU Kern table support broken.
* Bug fixes:
- OJ3: Fix get_stack_bounds memory leak (alternate fix for S7197906).
- PR1362: Fedora 19 / rawhide FTBFS SIGILL.
- PR1338: Remove dependency on libXp.
- PR1339: Simplify the rhino class rewriter to avoid use of concurrency.
- PR1319: Correct #ifdef to #if
- Give xalan/xerces access to their own internal packages.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
