Bug#558173: Update 17 fixes several security issues

Thu, 26 Nov 2009 13:16:11 -0800 

Package: sun-java6
Severity: grave
Tags: security

Update 17 fixes a lot of security issues:

   [58]CVE-2009-3728 Directory traversal vulnerability in the 
ICC_Profile.getInstance ...
   [59]CVE-2009-3729 Unspecified vulnerability in the TrueType font parsing 
functionality ...
   [60]CVE-2009-3865 The launch method in the Deployment Toolkit plugin in Java 
Runtime ...
   [61]CVE-2009-3866 The Java Web Start Installer in Sun Java SE in JDK and JRE 
6 before ...
   [62]CVE-2009-3867 Stack-based buffer overflow in the HsbParser.getSoundBank 
function in ...
   [63]CVE-2009-3868 Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and 
JRE 6 before ...
   [64]CVE-2009-3869 Stack-based buffer overflow in the setDiffICM function in 
the Abstract ...
   [65]CVE-2009-3871 Heap-based buffer overflow in the setBytePixels function 
in the ...
   [66]CVE-2009-3872 Unspecified vulnerability in the JPEG JFIF Decoder in Sun 
Java SE in ...
   [67]CVE-2009-3873 The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 
before Update ...
   [68]CVE-2009-3874 Integer overflow in the JPEGImageReader implementation in 
the ImageI/O ...
   [69]CVE-2009-3875 The MessageDigest.isEqual function in Java Runtime 
Environment (JRE) ...
   [70]CVE-2009-3876 Unspecified vulnerability in Sun Java SE in JDK and JRE 
5.0 before ...
   [71]CVE-2009-3879 Multiple unspecified vulnerabilities in the (1) X11 and 
(2) ...
   [72]CVE-2009-3880 The Abstract Window Toolkit (AWT) in Java Runtime 
Environment (JRE) in ...
   [73]CVE-2009-3881 Sun Java SE 5.0 before Update 22 and 6 before Update 17, 
and OpenJDK, ...
   [74]CVE-2009-3882 Multiple unspecified vulnerabilities in the Swing 
implementation in ...
   [75]CVE-2009-3884 The TimeZone.getTimeZone method in Sun Java SE 5.0 before 
Update 22 ...
   [76]CVE-2009-3886 The Java Web Start implementation in Sun Java SE 6 before 
Update 17 ...

Details can be found in the Debian Security Tracker.

Cheers,
        Moritz


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.31-1-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to