Committer: Bazaar Package Importer
Author(s): Kees Cook
Date: 2009-01-25 15:49:31 UTC
Revision ID: james.westby@ubuntu.com-20090125154931-yx8m152s774jhiaq
Tags: 6b12-0ubuntu6.1

* SECURITY UPDATE: multiple upstream vulnerabilities.
  - upstream fixes, thanks to Bernhard R. Link:
    - patches/icedtea-4486841.patch fixes CVE-2008-5351:
      UTF-8 decoder accepts non-shortest form sequences,
    - patches/icedtea-6484091.patch fixes CVE-2008-5350:
      allows listing files within the user home directory,
    - patches/icedtea-6497740.patch fixes CVE-2008-5349:
      RSA public key length denial-of-service,
    - patches/icedtea-6588160.patch fixes CVE-2008-5348:
      Denial-Of-Service in Kerberos authentication,
    - patches/icedtea-6592792.patch fixes CVE-2008-5347:
      applet privilege escalation via JAX package access,
    - patches/icedtea-6721753.patch fixes CVE-2008-5360:
      temporary files have guessable file names,
    - patches/icedtea-6726779.patch fixes CVE-2008-5359:
      Buffer overflow in image processing,
    - patches/icedtea-6733959.patch fixes CVE-2008-5354:
      Privilege escalation in command line applications,
    - patches/icedtea-6734167.patch fixes CVE-2008-5353:
      calendar object deserialization allows privilege escalation,
    - patches/icedtea-6755943.patch fixes CVE-2008-5352:
      Jar200 Decompression buffer overflow,
    - patches/icedtea-6766136.patch fixes CVE-2008-5358:
      Buffer Overflow in GIF image processing.
* add debian/patches/donotdelete.diff:
  fix MultipleJRE.sh to remove the link in the error-path, otherwise
  the test-suite removes the whole build/*/j2sdk-image directory on error.