** Changed in: sun-java6 (Ubuntu Hardy)
Status: Fix Committed => Fix Released
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ub
Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.
** Changed in: sun-java6 (Ubuntu Intrepid)
Status: Confirmed => Invalid
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received
** Changed in: sun-java6 (Ubuntu Jaunty)
Status: Confirmed => Fix Committed
** Changed in: sun-java6 (Ubuntu Jaunty)
Status: Fix Committed => Fix Released
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a m
** Changed in: dell-mini
Status: New => Invalid
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
htt
only karmic has u15. The u16 packages are in -proposed in jaunty and
hardy but not yet in -updates.
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
I can confirm that there update 14 is the latest available version from
repositories on Jaunty. I have updated manually in the meantime, but
there are many less than experienced users who will have a serious
vulnerability on their machines.
** Changed in: sun-java6 (Ubuntu Jaunty)
Status: F
@fernanick: If update 15 is out for Jaunty, then why didn't I receive
the update yet?
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
u
The current bug is for an update to version 15, which was released and
thus the status changed to "Fix released". The fact that version 16 is
out, it irrelevant to this bug. Given the complexity of this bug
involving many distributions, it is not advise to modify the bug when
new releases are avail
@jgschellinger: why did you change the status in Fix Released? There's
still no 6u16 in the normal updates for Jaunty (Main server).
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscr
** Changed in: sun-java6 (Ubuntu Jaunty)
Status: Fix Committed => Fix Released
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
u
** Changed in: sun-java6 (Ubuntu Hardy)
Status: Confirmed => Fix Committed
** Changed in: sun-java6 (Ubuntu Jaunty)
Status: Confirmed => Fix Committed
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a membe
The sun-java policy is being clarified and updated in
https://wiki.ubuntu.com/StableReleaseUpdates#sun-java*. Updated sun-
java5 packages are available in dapper-proposed and hardy-proposed.
Updated sun-java6 package are available in hardy-proposed and jaunty-
proposed.
Please comment in https://b
On 08/28/2009 08:30 AM, Pjotr12345 wrote:
> @John Vivirito:
>
> While I can understand that as a general practice, this case should be
> an exception.
>
> Security is at stake here. Probably millions are using an insecure JRE
> right now, and don't know it. The least we can do, is to prevent new
Since Jamie proposed to use OpenJDK as an alternative: I don't know
about Firefox 3.0, but OpenJDK doesn't work properly under FF 3.5 - see
https://bugs.launchpad.net/ubuntu/+source/firefox-3.5/+bug/359407 - and
doesn't work at all under FF 3.6 (it doesn't even show up under
about:plugins). So muc
@John Vivirito:
While I can understand that as a general practice, this case should be
an exception.
Security is at stake here. Probably millions are using an insecure JRE
right now, and don't know it. The least we can do, is to prevent new
victims.
--
version 1.6.0_15 is available
https://bug
On 08/27/2009 08:55 AM, Pjotr12345 wrote:
> It appears that nobody is both able and willing to take this task upon
> himself... Well, it's a volunteer job ofcourse, so I don't blame anyone.
>
> However, this being so, I urgently request that JRE will be removed
> entirely from the repositories of
That is right, but it will prevent further installations of a package
containing a serious security problem.
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Magnus wrote:
> I agree with Pjotr: Removing the package is something that easily can be
> done and that will remove the security problem for the time being.
>
How so? People who have already installed java-sun will have the vulnerability,
it will no
I agree with Pjotr: Removing the package is something that easily can be
done and that will remove the security problem for the time being.
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is
It appears that nobody is both able and willing to take this task upon
himself... Well, it's a volunteer job ofcourse, so I don't blame anyone.
However, this being so, I urgently request that JRE will be removed
entirely from the repositories of Hardy, Intrepid and Jaunty. JRE is
much too widely u
Looks like we're in a situation like with the tor package. If nobody can
do the hard work of updating it properly and adhere to the processes we
will have to pull it out.
Can somebody who worked with the sun-java6 package outline the steps
involved?
--
version 1.6.0_15 is available
https://bugs
On 08/23/2009 09:19 PM, Jamie Strandboge wrote:
> Pjotr,
>
> This leaves you with:
> a) using the workaround provided and installing sun-java6 packages from
> karmic. You can also install the software directly from Sun. Although a poor
> choice for Ubuntu in general, it gets you as a 'simple use
@Jamie Strandboge:
Most of the options you mention are above my head, I'm sorry
The thing is, that most Ubuntu desktop users won't know about the need
for a manual update of JRE. I've done it already, my machines are
secure. But I'm an exception.
May I therefore suggest two other possible app
Jamie,
There is another option that 'simple users' might fall back to:
f) Use another operating system until there is a mended version of Sun
Java available for Ubuntu.
Unfortunately this negatively affects the quite good progress of Ubuntu
bug #1, and that is probably what is most disturbing of
Pjotr,
This leaves you with:
a) using the workaround provided and installing sun-java6 packages from karmic.
You can also install the software directly from Sun. Although a poor choice for
Ubuntu in general, it gets you as a 'simple user' with the update.
b) figuring out how to build a package y
@Jamie Strandboge:
I understand your point, but where does that leave me, a simple end user with
no packaging skills at all? And more than half a million like me? Probably even
millions, if you count out the distortion from the popcon statistics?
This means that probably the vast majority of Ubu
This is a community matter. I asked that this be brought up in #ubuntu-
motu because there seems to be a lack of interest from the community to
maintain this package and I hoped that more people than those in this
bug could respond and help. No one did. People complain, but no one
wants to put in t
@Matthias Klose: please react to the questions that I asked you. It's a
vital matter. Thanks in advance.
@everyone: maybe we should consider mobilizing our LoCo Teams. I could
try to persuade the leadership of my LoCo Team, Ubuntu-NL (Netherlands
and Belgium) to put an official collective request
@Matthias Klose:
But 6u15 *is* sufficient. Because Sun says in the Release Notes, that 6u16
doesn't contain security updates compared with 6u15:
http://java.sun.com/javase/6/webnotes/6u16.html
Essential quote:
Bug Fixes
This feature release does not contain any new fixes for security
vulnerabil
@Vistaus: As you can see at https://jdk-distros.dev.java.net/ 6u16 was
released. Updating to 6u15 isn't good enough. No, it's not packaged, and
I don't plan to do so. Looking at the Debian package you'll see that it
is now unsupported (orphaned), the package in Ubuntu is community
maintained. So ei
Marc,
Most everyone knows the software isn't supported. Therein lies the root
cause of this issue. Many apps that use java recommend the official
distribution of java, not the open source version.
No disrespect intended here sir, but I believe is flat out irresponsible for
Canonical, and the Ub
@Marc Deslauriers:
1 I know the Ubuntu Security Team isn't responsible for this, but why are they
subscribed to this bug if they aren't responsible for it?
2 Even though it's community maintained, a security vulnebelarity is a security
vulnebelarity and should be fixed, even if it's from within
@Matthias Klose and Marc Deslauriers:
The updated Sun Java JRE packages are *already* present in Multiverse,
right now only for Karmic. They only need to be made available for
Hardy, Intrepid and Jaunty as well. No extra work needed.
This JRE update works fine in Hardy, Intrepid and Jaunty, which
Software in the multiverse and universe repositories is not supported by
the Ubuntu Security Team. See:
https://wiki.ubuntu.com/SecurityTeam/FAQ#Official%20Support
Packages in multiverse and universe need to be updated by the Ubuntu
community by following the procedures here:
https://wiki.ubuntu
@Matthias Klose: It must be possible to critisize something without
being a developer. IMO, it's a breach of trust from a user's
perspective. Why?
1. A patch is available for Karmic (and in some ppa's). Even without being a
developer, I cannot imagine that it's so difficult to provide a patched v
> It's rather a breach of trust
huh? care to elaborate?
instead of complaining, prepare a package and send it to
http://revu.ubuntuwire.com/ for review. It's not rocket science, just
spend the time you use for these "me too" mails for something useful.
--
version 1.6.0_15 is available
https://
Yes, it's more than sad. It's rather a breach of trust. Is there another
way to ring the alarm bell?
Pjotr is right that this is a structural problem. Considering the
subscribers to this bug, I wonder why his posting in the MOTU list was
even necessary.
And I'm beginning to wonder how many other
It's not possible for me, to pick up the discussion in the MOTU mailing
list. Probably because I'm not a MOTU myself. I can only post by sending
an e-mail to the janitor. That way, I can't react in a topic thread.
The MOTU's aren't responding. I'm running out of options here... Much to
my dismay.
Please pick up the discussion in the ubuntu-motu mailing list. Pjotr
sent a message with the subject of 'Structural problem with Sun Java
JRE'. It hasn't gotten any feedback yet (possibly because the title
didn't convey the urgency).
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bu
Indeed: this is urgent.
I hope and believe that MOTU realizes this.
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.u
@Pjotr: Couldn't agree more. This is a disaster from a security
viewpoint. We're always telling Windows users that they need something
like Secunia PSI to make sure that they will keep their applications
updated. And we're telling them: Switch to Ubuntu, and you won't have
this problem. - And now t
According to the popcon statistics [1] and [2], sun-java6 is one of the most
popular multiverse packages, and it is the most used one.
If sun-java6 is installed on nearly 550,000 computers, and if more than 60,000
people use it regularly, isn't it strange that Ubuntu doesn't provide security
upd
Thanks feranick. I posted the following message on the MOTU mailing
list:
Hello,
Hereby I request your attention for the following matter. It concerns
Multiverse and not Universe, but the matter is grave enough to bring
this to your attention.
Sun Java JRE doesn't receive securi
Here, for example;
https://lists.ubuntu.com/mailman/listinfo/Ubuntu-motu
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@l
@ Jamie Strandboge:
Thanks for your reaction.
OpenJDK still can't replace JRE entirely. There are still some websites
that only function well for a visitor, when that visitor has JRE
installed. A pity, but that's how it is. And that's why we need security
updates for JRE.
All that has to be done
Please note that while I am not the package maintainer, sun-java6 is in
multiverse and is community supported. It and sun-java5 were originally
provided in Ubuntu multiverse to help developers have access to java
when there was no free alternative. As of Ubuntu 8.10, openjdk-6 is in
'main', officia
This was fixed in Karmic:
sun-java6 (6-15-1) unstable; urgency=medium
* New upstream version.
Release notes at http://java.sun.com/javase/6/webnotes/6u15.html
Addresses CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625,
CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-
It's utterly unacceptable that the responsible package maintainer
doesn't react here. I suggest that those of us who are Ubuntu Members,
discuss this matter on a higher level of authority.
This matter needs to be dealt with: this negligence by the package
maintainer, is putting many computers at r
Sounds like this may be an opportunity for a new package maintainer.
On 8/17/09, Pjotr12345 wrote:
> Why don't the responsible package maintainers answer here? Isn't
> Launchpad meant for contacting them?
>
> Why this silence on this important security issue? :-(
>
> --
> version 1.6.0_15 is ava
Why don't the responsible package maintainers answer here? Isn't
Launchpad meant for contacting them?
Why this silence on this important security issue? :-(
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ub
** Changed in: sun-java6 (Ubuntu)
Status: Fix Released => Confirmed
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@
@feranick: I appreciate your efforts with the PPA. But "fix released"
does not apply here, I think.
"Fix released" would be, when the *package maintainer* would make these
packages available through the normal Multiverse updates for Hardy,
Intrepid and Jaunty.
--
version 1.6.0_15 is available
h
Marked "fix released" as it is not updated in Karmic. Bug still open for
backports.
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubu
I added hardy, intrepid and jaunty backports to the bug report.
** Changed in: sun-java6 (Ubuntu)
Status: Confirmed => Fix Released
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is
@Vistaus
I maintain a unofficial backport PPA for Jaunty and hardy, where v15
builds are available. I know, they are not official backports, but
that's all I can do.
Hardy: https://launchpad.net/~hardybleed/+archive/ppa
Jaunty: https://launchpad.net/~jauntybleed/+archive/ppa
** Also affects: j
@vistaus, i think @irihapeti was agreeing with you
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https:/
@feranick: Great that is has been uploaded in Karmic, but where is the
version for the rest of the versions (Jaunty, Hardy etc.)?
@Irihapeti: Did you even read the bug description?
"This release contains fixes for one or more security vulnerabilities."
So you actually want people to have an insecu
Repost, this time without tags that don't work (sorry!):
You can apply a workaround to install the new JRE which is meant for
Karmic, in Hardy, Intrepid and Jaunty.
This workaround is for 32-bit Ubuntu only! You have to adapt it for a 64
bit system.
1. Manually download these three files from Mu
You can apply a workaround to install the new JRE which is meant for
Karmic, in Hardy, Intrepid and Jaunty.
This workaround is for 32-bit Ubuntu only! You have to adapt it for a 64
bit system.
1. Manually download these three files from Multiverse:
Bin:
[url]http://nl.archive.ubuntu.com/ubuntu/
It has just been uploaded in karmic.
** Also affects: dell-mini
Importance: Undecided
Status: New
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubu
When will this update be included in Ubuntu?
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists
The repository version of Firefox gets upgraded each time Mozilla puts
out a new one, even on older versions such as Hardy. I think that the
same thing should happen with Java.
There has already been one update to Java in Hardy, from 1.6.07 to
1.6.14, so it's not impossible.
--
version 1.6.0_15
I agree that this update is high priority. I received it on my openSUSE
11.1 box too the day before yesterday... It's highly recommened by Sun
to install this update, so Ubuntu: come on and push out the update.
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received
On my openSUSE 11.1 box, I received the 1.6.0_15 update yesterday
When will Ubuntu follow? I have six Ubuntu boxes in my house...
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subsc
** Tags added: upgrade
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/li
Changed in sun-java6 (Ubuntu):
Security update please !.
status: New → Confirmed
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing lis
** Changed in: sun-java6 (Ubuntu)
Status: New => Confirmed
--
version 1.6.0_15 is available
https://bugs.launchpad.net/bugs/409559
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubu
67 matches
Mail list logo
