Your message dated Sun, 14 Nov 2010 19:59:30 +0000
with message-id <e1phija-0001qm...@franck.debian.org>
and subject line Bug#601802: fixed in sun-java6 6-22-0lenny1
has caused the Debian Bug report #601802,
regarding sun-java6-jre: update 22 not available in lenny is a security issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
601802: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601802
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sun-java6-jre
Version: 6-20-0lenny1
Some time ago Oracle released Java 6 update 22 patching a critical
security issue. Is it possible to make this version available to Debian
Lenny?
--- End Message ---
--- Begin Message ---
Source: sun-java6
Source-Version: 6-22-0lenny1
We believe that the bug you reported is fixed in the latest version of
sun-java6, which is due to be installed in the Debian FTP archive:
ia32-sun-java6-bin_6-22-0lenny1_amd64.deb
to non-free/s/sun-java6/ia32-sun-java6-bin_6-22-0lenny1_amd64.deb
sun-java6-bin_6-22-0lenny1_amd64.deb
to non-free/s/sun-java6/sun-java6-bin_6-22-0lenny1_amd64.deb
sun-java6-bin_6-22-0lenny1_i386.deb
to non-free/s/sun-java6/sun-java6-bin_6-22-0lenny1_i386.deb
sun-java6-demo_6-22-0lenny1_amd64.deb
to non-free/s/sun-java6/sun-java6-demo_6-22-0lenny1_amd64.deb
sun-java6-demo_6-22-0lenny1_i386.deb
to non-free/s/sun-java6/sun-java6-demo_6-22-0lenny1_i386.deb
sun-java6-doc_6-22-0lenny1_all.deb
to non-free/s/sun-java6/sun-java6-doc_6-22-0lenny1_all.deb
sun-java6-fonts_6-22-0lenny1_all.deb
to non-free/s/sun-java6/sun-java6-fonts_6-22-0lenny1_all.deb
sun-java6-javadb_6-22-0lenny1_all.deb
to non-free/s/sun-java6/sun-java6-javadb_6-22-0lenny1_all.deb
sun-java6-jdk_6-22-0lenny1_amd64.deb
to non-free/s/sun-java6/sun-java6-jdk_6-22-0lenny1_amd64.deb
sun-java6-jdk_6-22-0lenny1_i386.deb
to non-free/s/sun-java6/sun-java6-jdk_6-22-0lenny1_i386.deb
sun-java6-jre_6-22-0lenny1_all.deb
to non-free/s/sun-java6/sun-java6-jre_6-22-0lenny1_all.deb
sun-java6-plugin_6-22-0lenny1_amd64.deb
to non-free/s/sun-java6/sun-java6-plugin_6-22-0lenny1_amd64.deb
sun-java6-plugin_6-22-0lenny1_i386.deb
to non-free/s/sun-java6/sun-java6-plugin_6-22-0lenny1_i386.deb
sun-java6-source_6-22-0lenny1_all.deb
to non-free/s/sun-java6/sun-java6-source_6-22-0lenny1_all.deb
sun-java6_6-22-0lenny1.diff.gz
to non-free/s/sun-java6/sun-java6_6-22-0lenny1.diff.gz
sun-java6_6-22-0lenny1.dsc
to non-free/s/sun-java6/sun-java6_6-22-0lenny1.dsc
sun-java6_6-22.orig.tar.gz
to non-free/s/sun-java6/sun-java6_6-22.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 601...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Torsten Werner <twer...@debian.org> (supplier of updated sun-java6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 06 Nov 2010 10:56:16 +0100
Source: sun-java6
Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin
ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo
sun-java6-source sun-java6-doc sun-java6-javadb
Architecture: all amd64 i386 source
Version: 6-22-0lenny1
Distribution: stable
Urgency: low
Maintainer: Matthias Klose <d...@ubuntu.com>
Changed-By: Torsten Werner <twer...@debian.org>
Closes: 601802
Description:
ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit)
ia32-sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 (32-bit)
sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture
dependent
sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples
sun-java6-doc - Sun JDK(TM) Documention -- integration installer
sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE)
sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby
sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6
sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture
independen
sun-java6-plugin - The Java(TM) Plug-in, Java SE 6
sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files
Changes:
sun-java6 (6-22-0lenny1) stable; urgency=low
.
* New upstream release (Closes: #601802)
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-3556): JDK unspecified vulnerability in 2D component
- (CVE-2010-3562): JDK IndexColorModel double-free
- (CVE-2010-3565): JDK JPEG writeImage remote code execution
- (CVE-2010-3566): JDK ICC Profile remote code execution
- (CVE-2010-3567): Crash in ICU Opentype layout engine due to mismatch in
character counts
- (CVE-2010-3571): JDK unspecified vulnerability in 2D component
- (CVE-2010-3554): JDK corba reflection vulnerabilities
- (CVE-2010-3563): JDK unspecified vulnerability in Deployment component
- (CVE-2010-3568): JDK Deserialization Race condition
- (CVE-2010-3569): JDK Serialization inconsistencies
- (CVE-2010-3558): JDK unspecified vulnerability in Java Web Start
component
- (CVE-2010-3552): JDK unspecified vulnerability in New Java Plugin
component
- (CVE-2010-3559): JDK unspecified vulnerability in Sound component
- (CVE-2010-3572): JDK unspecified vulnerability in Sound component
- (CVE-2010-3553): UIDefault.ProxyLazyValue has unsafe reflection usage
- (CVE-2010-3555): JDK unspecified vulnerability in Deployment component
- (CVE-2010-3550): JDK unspecified vulnerability in Java Web Start
component
- (CVE-2010-3570): JDK unspecified vulnerability in Deployment Toolkit
- (CVE-2010-3561): Privileged ServerSocket.accept allows receiving
connections from any host
- (CVE-2009-3555): TLS: MITM attacks via session renegotiation
- (CVE-2010-1321): krb5: null pointer dereference in GSS-API library leads
to DoS
- (CVE-2010-3549): HttpURLConnection chunked encoding issue (Http request
splitting)
- (CVE-2010-3557): JDK Swing mutable static
- (CVE-2010-3541): limit setting of some request headers in
HttpURLConnection
- (CVE-2010-3573): limit HTTP request cookie headers in HttpURLConnection
- (CVE-2010-3574): limit use of TRACE method in HttpURLConnection
- (CVE-2010-3548): JDK DNS server IP address information leak
- (CVE-2010-3551): NetworkInterface reveals local network address to
untrusted code
- (CVE-2010-3560): JDK unspecified vulnerability in Networking component
Checksums-Sha1:
bee064c665b68702a19e91371071df2d1a5bdd03 1702 sun-java6_6-22-0lenny1.dsc
d6f0032323ed0bd7fc00d86776920a48bebe84ba 165194956 sun-java6_6-22.orig.tar.gz
eaa5599253ceaf8df9ac3ecf9f658b464a7b7f49 80237 sun-java6_6-22-0lenny1.diff.gz
986441f35128bc6d6bffdbc339130055f9fc3010 27941368
sun-java6-bin_6-22-0lenny1_amd64.deb
8faf80bf76042396f8835fb3ff08ebac9e33bd40 1954
sun-java6-plugin_6-22-0lenny1_amd64.deb
950d5ea1aa5daa34ffaf2c8c0b7afe4fdcd03cfe 29701004
ia32-sun-java6-bin_6-22-0lenny1_amd64.deb
061549ae0ef39fec143e13075bb82b45a970f5b7 19884002
sun-java6-jdk_6-22-0lenny1_amd64.deb
9d48487840e4c37aa2af5d5b8909bb45d065e969 12162558
sun-java6-demo_6-22-0lenny1_amd64.deb
76a3abeb824cdb2d005b8b67f2bb9fc93e3689ee 6540112
sun-java6-jre_6-22-0lenny1_all.deb
4a36d65326e585a61dd10fbbafab3221465c5538 1848
sun-java6-fonts_6-22-0lenny1_all.deb
25cfc417856c5906efa63bdf16b4bb243836bc6b 17936460
sun-java6-source_6-22-0lenny1_all.deb
ee66ad58d23e922ebac817ed80d1e8eeca0664fd 34930
sun-java6-doc_6-22-0lenny1_all.deb
365df5694d98f8fbc2f01ad839fbd1fb1d702274 10406694
sun-java6-javadb_6-22-0lenny1_all.deb
1b963431a88aca79ea3fb9c5965763d41a8e6b02 29700188
sun-java6-bin_6-22-0lenny1_i386.deb
2849915c5f6261f97d5f77fa1eb09e94e5a9b80e 1956
sun-java6-plugin_6-22-0lenny1_i386.deb
605d53ae7b0b4e6f561ad78ec0319ebde69bd87f 19712180
sun-java6-jdk_6-22-0lenny1_i386.deb
13bc7377e36bb9da06abf6ac68524522d8848a2e 12157626
sun-java6-demo_6-22-0lenny1_i386.deb
Checksums-Sha256:
8758b594de5e4dc692e4c527af86fc0be36e3e7dc825d0b20fceeed31383f92e 1702
sun-java6_6-22-0lenny1.dsc
6c144a6524cb811ab4fa67ea857474d231c77222088166660b3957ed6dc1678c 165194956
sun-java6_6-22.orig.tar.gz
644d2b1c8ba89e6200636bf68531499fcab22965a1b36946c04e48406eed2a28 80237
sun-java6_6-22-0lenny1.diff.gz
8e59a612aaec47df85659d5d18b89ceaba80fb4758e59d3a7c2c9f83ba8fc542 27941368
sun-java6-bin_6-22-0lenny1_amd64.deb
144a6984d242dc1f6d571301e040df220823e5f69b7dc0f9fb5b721857f51573 1954
sun-java6-plugin_6-22-0lenny1_amd64.deb
b469c9c5e5ba24e0f840bd972dd62c0f8b1c9b1444cd53909b22eb28c447d930 29701004
ia32-sun-java6-bin_6-22-0lenny1_amd64.deb
a6deaab6a8299212e1de7a63235645ad8b789574b641933573e345b588c4ea1a 19884002
sun-java6-jdk_6-22-0lenny1_amd64.deb
4f2b8e9d5d47b620da6f42eb7df45c8851fe23b99118af030d7198f003de3ec2 12162558
sun-java6-demo_6-22-0lenny1_amd64.deb
23df895113776393d88127045a8b9dd6da6df6485bd9c22c7568bef9945c556d 6540112
sun-java6-jre_6-22-0lenny1_all.deb
2a9bd91181f152ad85d68f00cc582d91bb8ab139c0813a8b54769e462c8152c1 1848
sun-java6-fonts_6-22-0lenny1_all.deb
5967a7e6f1f0f948bd0f8e227312f35174d7727a159e91364348da72276597d2 17936460
sun-java6-source_6-22-0lenny1_all.deb
15505f1dd34104c9a1b0fc5ffbc5e9d2f43fab72f463dabe6a0a925050eb4c3a 34930
sun-java6-doc_6-22-0lenny1_all.deb
486a763d5a7d80b138bb869941a80269cd4ce8a2bfe117719177d61732f7e427 10406694
sun-java6-javadb_6-22-0lenny1_all.deb
abf0d40522b07e3d2bf342ca33616039b85ea4255dcbdd27eb5268aa7503db18 29700188
sun-java6-bin_6-22-0lenny1_i386.deb
2096159a1b038135f00f6b095601392df5ce395a285581adb3bd0ef6ed37c00e 1956
sun-java6-plugin_6-22-0lenny1_i386.deb
dedd841909d38b21a6cd91530748fcb856947238ec7025226836ad04e0210d51 19712180
sun-java6-jdk_6-22-0lenny1_i386.deb
85f3376bb725a104883b6d1336e1bcba92c9426870c10ad7e4a48487e5cfddd8 12157626
sun-java6-demo_6-22-0lenny1_i386.deb
Files:
a38312ab50af756a1fddc7953fe8fc5a 1702 non-free/devel optional
sun-java6_6-22-0lenny1.dsc
981bd97edf98849f108df9d3d40352bb 165194956 non-free/devel optional
sun-java6_6-22.orig.tar.gz
ba25a238582f592884a7787cc7054f42 80237 non-free/devel optional
sun-java6_6-22-0lenny1.diff.gz
ea9074ce40b0a65a5f200a5a518cc3e2 27941368 non-free/libs optional
sun-java6-bin_6-22-0lenny1_amd64.deb
7af2b1facf190c4dc319990cbaad2fe5 1954 non-free/web optional
sun-java6-plugin_6-22-0lenny1_amd64.deb
55ad1d256177001e376199087590733b 29701004 non-free/libs optional
ia32-sun-java6-bin_6-22-0lenny1_amd64.deb
dcc3a421b1a6950d7e41d9bb7c7a0fd1 19884002 non-free/devel optional
sun-java6-jdk_6-22-0lenny1_amd64.deb
34364eaf246182c12f6604f0546bcaac 12162558 non-free/devel optional
sun-java6-demo_6-22-0lenny1_amd64.deb
c7d0c65a38b92822540cceb283748d47 6540112 non-free/libs optional
sun-java6-jre_6-22-0lenny1_all.deb
5a9d5b0d3ccfa2ea5bbe34773152f138 1848 non-free/x11 optional
sun-java6-fonts_6-22-0lenny1_all.deb
209b6d8d3dd279e95c8ef02694eefdaf 17936460 non-free/devel optional
sun-java6-source_6-22-0lenny1_all.deb
078f3003ecf3b865db6e9d9f5b4fac3e 34930 non-free/doc optional
sun-java6-doc_6-22-0lenny1_all.deb
a2e108ad37169323b46346c2818ef504 10406694 non-free/libs optional
sun-java6-javadb_6-22-0lenny1_all.deb
c1b0b026c6120c3e480c63f8e8078f62 29700188 non-free/libs optional
sun-java6-bin_6-22-0lenny1_i386.deb
5751607c1a87ec0e781879b2adb34feb 1956 non-free/web optional
sun-java6-plugin_6-22-0lenny1_i386.deb
054d7fcbe8cf41de621d91719f3185ec 19712180 non-free/devel optional
sun-java6-jdk_6-22-0lenny1_i386.deb
1d963f0331056a609c2c6321a50750f7 12157626 non-free/devel optional
sun-java6-demo_6-22-0lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkzcaAoACgkQfY3dicTPjsOo7wCfdsMh3ZxnMaC5gPnJj63+7+IX
NFsAn0FsmW5bRoJyQm7OZtQKwa5RTKnU
=q74h
-----END PGP SIGNATURE-----
--- End Message ---
