Your message dated Thu, 15 Jan 2009 20:48:29 +0000
with message-id <e1lnz8f-0005ws...@ries.debian.org>
and subject line Bug#510972: fixed in openjdk-6 6b11-9.1
has caused the Debian Bug report #510972,
regarding openjdk-6-jre: CVE-2008-5339 to -5360: Multiple security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
510972: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510972
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openjdk-6-jre
Version: 6b11-9
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids have
been published for sun-java6 and likely affect openjdk-6, too:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5360
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
--- End Message ---
--- Begin Message ---
Source: openjdk-6
Source-Version: 6b11-9.1
We believe that the bug you reported is fixed in the latest version of
openjdk-6, which is due to be installed in the Debian FTP archive:
openjdk-6-dbg_6b11-9.1_amd64.deb
to pool/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1_amd64.deb
openjdk-6-demo_6b11-9.1_amd64.deb
to pool/main/o/openjdk-6/openjdk-6-demo_6b11-9.1_amd64.deb
openjdk-6-doc_6b11-9.1_all.deb
to pool/main/o/openjdk-6/openjdk-6-doc_6b11-9.1_all.deb
openjdk-6-jdk_6b11-9.1_amd64.deb
to pool/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1_amd64.deb
openjdk-6-jre-headless_6b11-9.1_amd64.deb
to pool/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1_amd64.deb
openjdk-6-jre-lib_6b11-9.1_all.deb
to pool/main/o/openjdk-6/openjdk-6-jre-lib_6b11-9.1_all.deb
openjdk-6-jre_6b11-9.1_amd64.deb
to pool/main/o/openjdk-6/openjdk-6-jre_6b11-9.1_amd64.deb
openjdk-6-source_6b11-9.1_all.deb
to pool/main/o/openjdk-6/openjdk-6-source_6b11-9.1_all.deb
openjdk-6_6b11-9.1.diff.gz
to pool/main/o/openjdk-6/openjdk-6_6b11-9.1.diff.gz
openjdk-6_6b11-9.1.dsc
to pool/main/o/openjdk-6/openjdk-6_6b11-9.1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 510...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bernhard R. Link <brl...@debian.org> (supplier of updated openjdk-6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 15 Jan 2009 19:25:04 CET
Source: openjdk-6
Binary: openjdk-6-jdk openjdk-6-jre-headless openjdk-6-jre openjdk-6-jre-lib openjdk-6-demo openjdk-6-source openjdk-6-doc openjdk-6-dbg
Architecture: source amd64 all
Version: 6b11-9.1
Distribution: unstable
Urgency: low
Maintainer: OpenJDK Team <open...@lists.launchpad.net>
Changed-By: Bernhard R. Link <brl...@debian.org>
Description:
 openjdk-6-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-6-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-6-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-6-jdk - OpenJDK Development Kit (JDK)
 openjdk-6-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-6-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-6-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-6-source - OpenJDK Development Kit (JDK) source files
Closes: 510972
Changes:
 openjdk-6 (6b11-9.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * add debian/patches/nonreparenting-wm.diff:
     if _JAVA_AWT_WM_NONREPARENTING environment variable is set,
     disable all workarounds causing blank windows in non-reparenting
     window managers. (Works-around: 508650)
   * added patches from http://icedtea.classpath.org/hg/icedtea6 revision 1232:
     patches/icedtea-4486841.patch fixes CVE-2008-5351:
       UTF-8 decoder accepts non-shortest form sequences,
     patches/icedtea-6484091.patch fixes CVE-2008-5350:
       allows to list files within the user home directory,
     patches/icedtea-6497740.patch fixes CVE-2008-5349:
       RSA public key length denial-of-service,
     patches/icedtea-6588160.patch fixes CVE-2008-5348:
       Denial-Of-Service in kerberos authentication,
     patches/icedtea-6592792.patch fixes CVE-2008-5347:
       applet privilege escalation via JAX package access,
     patches/icedtea-6721753.patch fixes CVE-2008-5360:
       temporary files have guessable file names,
     patches/icedtea-6726779.patch fixes CVE-2008-5359:
       Buffer overflow in image processing,
     patches/icedtea-6733959.patch fixes CVE-2008-5354:
       Privilege escalation in command line applications,
     patches/icedtea-6734167.patch fixes CVE-2008-5353:
       calendar object deserialization allows privilege escalation,
     patches/icedtea-6755943.patch fixes CVE-2008-5352:
       Jar200 Decompression buffer overflow,
     patches/icedtea-6766136.patch fixes CVE-2008-5358:
       Buffer Overflow in GIF image processing.
     (Closes: 510972)
   * add debian/patches/donotdelete.diff:
     fix MultipleJRE.sh to remove the link in the error-path, otherwise
     the test-suite removes the whole build/*/j2sdk-image directory on error.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---