[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

According to the changelog of the version of sun-java6 in Natty: * https://launchpad.net/ubuntu/+source/sun-java6/6.24-1build0.10.10.1 This bug should be fix-released for Natty. Updating accordingly. ** Changed in: sun-java6 (Ubuntu Natty) Status: Triaged => Fix Released -- You receive

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

** Changed in: sun-java6 (Ubuntu Natty) Milestone: ubuntu-11.04-beta-1 => ubuntu-11.04-beta-2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/716689 Title: Security Alert For CVE-2010-4476 Release

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

** Changed in: openjdk-6 (Ubuntu Hardy) Status: In Progress => Triaged ** Changed in: openjdk-6 (Ubuntu Natty) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.ne

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

For openjdk-6, USN 1079-1 was published: http://www.ubuntu.com/usn/usn-1079-1 ** Changed in: openjdk-6 (Ubuntu Karmic) Status: In Progress => Fix Released ** Changed in: openjdk-6 (Ubuntu Lucid) Status: In Progress => Fix Released ** Changed in: openjdk-6 (Ubuntu Maverick) S

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

This bug was fixed in the package sun-java6 - 6.24-1build0.8.04.1 --- sun-java6 (6.24-1build0.8.04.1) hardy-security; urgency=low * Fake sync from Debian (LP: #716689) * Removed debian/source dir reverting back to 1.0 packaging format as 3.0 (quilt) isn't available prior to Lu

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

This bug was fixed in the package sun-java6 - 6.24-1build0.9.10.1 --- sun-java6 (6.24-1build0.9.10.1) karmic-security; urgency=low * Fake sync from Debian (LP: #716689) * Removed debian/source dir reverting back to 1.0 packaging format as 3.0 (quilt) isn't available prior to L

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

** Changed in: sun-java6 (Ubuntu Natty) Importance: Undecided => Medium ** Changed in: sun-java6 (Ubuntu Natty) Status: Confirmed => Triaged ** Changed in: sun-java6 (Ubuntu Natty) Milestone: None => ubuntu-11.04-beta-1 -- You received this bug notification because you are a membe

Re: [Bug 716689] Re: Security Alert For CVE-2010-4476 Released

Partner for Natty is empty now, (we don't do migrations there until Beta 1) but yes, I'll make sure the newer version is copied over at that time. On Wed, Feb 23, 2011 at 1:35 PM, Jamie Strandboge wrote: > Brian, will you be providing an update for natty in partner? > > -- > You received this b

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

Hardy and Karmic updates are building in the security PPA. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/716689 Title: Security Alert For CVE-2010-4476 Released -- ubuntu-bugs mailing list ubuntu-

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

Brian, will you be providing an update for natty in partner? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/716689 Title: Security Alert For CVE-2010-4476 Released -- ubuntu-bugs mailing list ubunt

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

Lucid and Maverick now have packages in partner. ** Changed in: sun-java6 (Ubuntu Lucid) Status: In Progress => Fix Released ** Changed in: sun-java6 (Ubuntu Maverick) Status: In Progress => Fix Released ** Changed in: sun-java6 (Ubuntu Hardy) Status: In Progress => Fix Comm

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

Brian, the hardy and karmic packages need to be backported to a non- source format v3 package as this was only first supported in Lucid: https://bugs.launchpad.net/launchpad/+bug/293106/comments/9 ** Changed in: sun-java6 (Ubuntu Hardy) Status: Fix Committed => In Progress ** Changed in: s

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

** Also affects: openjdk-6 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: sun-java6 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: openjdk-6 (Ubuntu Karmic) Importance: Undecided Status: New ** Also affects: sun-java6 (Ubuntu Ka

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

** Changed in: openjdk-6 (Ubuntu) Status: New => In Progress ** Changed in: openjdk-6 (Ubuntu) Importance: Undecided => Medium ** Changed in: openjdk-6 (Ubuntu) Assignee: (unassigned) => Steve Beattie (sbeattie) -- You received this bug notification because you are a member of Ub

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

Thanks Sylvestre, I'll see about getting you upload rights for sun-java6 in Partner; I'm just not sure we have such fine grained control there or not. In the meantime, I will grab your package and test it on Lucid+ tomorrow and push it to Jamie S. for review. The work is much appreciated! -- Yo

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

@Sylvestre Ledru sun-java6 is in the partner repository since Lucid, so only a few individuals can actually upload it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/716689 Title: Security Alert For

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

Gr, I am bored by the bloody permissions (I wished Ubuntu implemented dynamic "per package upload" for DD...) "The signer of this package has no upload rights to this distribution's primary archive. Did you mean to upload to a PPA?" Using sun-java6_6.24-1.dsc from: http://ftp.de.debian.org/

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

CVE-2010-4476 is about a bug whereby inputting "2.2250738585072014e-308" or variations of it [1] to the java.lang.Double.parseDouble(String) method causes it to enter an infinite loop; control is not returned to the calling thread. This bug can be used to cause remote unauthenticated denial of ser

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

Well it is needed for Maverick and Lucid as well. Affects Karmic, Hardy and even Dapper which are supported but not from partner repository. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/716689 Title

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

Sorry for the bad assigned. I uploaded in Natty (I did that in Debian yesterday). I don't know if you want to upload in maverick or not ?! ** Changed in: sun-java6 (Ubuntu) Assignee: Brian Thomason (brian-thomason) => Sylvestre Ledru (sylvestre) ** Changed in: sun-java6 (Ubuntu) Assign

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

The official Java 6 binaries update 24 are available from Oracle. Oracle claims that CVE-2010-4476 is fixed in it. I guess it is time for Ubuntu to create packages from it ASAP. http://www.oracle.com/technetwork/java/javase/downloads/index- jsp-138363.html -- You received this bug notification

[Bug 716689] Re: Security Alert For CVE-2010-4476 Released

** Changed in: sun-java6 (Ubuntu) Status: New => Confirmed ** Changed in: sun-java6 (Ubuntu) Assignee: (unassigned) => Brian Thomason (brian-thomason) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.