[ubuntu/trusty-proposed] bash 4.3-7ubuntu1.6 (Accepted)
bash (4.3-7ubuntu1.6) trusty-proposed; urgency=medium * When the readline `revert-all-at-newline' option is set, pressing newline when the current line is one retrieved from history results in a double free and a segmentation fault. LP: #1422795. Date: Fri, 16 Oct 2015 17:21:23 -0400 Changed-By: Jeffrey Hutzelman Maintainer: Ubuntu Developers Signed-By: Julian Andres Klode https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.6 Format: 1.8 Date: Fri, 16 Oct 2015 17:21:23 -0400 Source: bash Binary: bash bash-static bash-builtins bash-doc Architecture: source Version: 4.3-7ubuntu1.6 Distribution: trusty-proposed Urgency: medium Maintainer: Ubuntu Developers Changed-By: Jeffrey Hutzelman Description: bash - GNU Bourne Again SHell bash-builtins - Bash loadable builtins - headers & examples bash-doc - Documentation and examples for the The GNU Bourne Again SHell bash-static - GNU Bourne Again SHell (static version) Launchpad-Bugs-Fixed: 1422795 Changes: bash (4.3-7ubuntu1.6) trusty-proposed; urgency=medium . * When the readline `revert-all-at-newline' option is set, pressing newline when the current line is one retrieved from history results in a double free and a segmentation fault. LP: #1422795. Checksums-Sha1: 06d8adc1a4035c0d91a7ea765fddc4ebdd584823 2265 bash_4.3-7ubuntu1.6.dsc 981e0ef8fe217188ee1512ff030c0b630c916d0f 97573 bash_4.3-7ubuntu1.6.debian.tar.gz Checksums-Sha256: 3557865003176d6b3301797e4cbb13a0b37e4bba377b6755240adb6f4fb8b8f5 2265 bash_4.3-7ubuntu1.6.dsc d70390057c8c5a9a37b89c8fc6f4e7f15d62cb430b61d2741897529c91572fff 97573 bash_4.3-7ubuntu1.6.debian.tar.gz Files: bcc699aa47326acd3e4164fe0ed20ae6 2265 base required bash_4.3-7ubuntu1.6.dsc b7e235aeef34007f7fd786193797c468 97573 base required bash_4.3-7ubuntu1.6.debian.tar.gz Original-Maintainer: Matthias Klose -- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-updates] openjdk-7 7u121-2.6.8-1ubuntu0.14.04.1 (Accepted)
openjdk-7 (7u121-2.6.8-1ubuntu0.14.04.1) trusty-security; urgency=medium * Backport to Ubuntu 14.04. * IcedTea release 2.6.8 (based on 7u121): * Security fixes - S8151921: Improved page resolution - S8155968: Update command line options - S8155973, CVE-2016-5542: Tighten jar checks - S8157176: Improved classfile parsing - S8157739, CVE-2016-5554: Classloader Consistency Checking - S8157749: Improve handling of DNS error replies - S8157753: Audio replay enhancement - S8157759: LCMS Transform Sampling Enhancement - S8157764: Better handling of interpolation plugins - S8158302: Handle contextual glyph substitutions - S8158993, CVE-2016-5568: Service Menu services - S8159495: Fix index offsets - S8159503: Amend Annotation Actions - S8159511: Stack map validation - S8159515: Improve indy validation - S8159519, CVE-2016-5573: Reformat JDWP messages - S8160090: Better signature handling in pack200 - S8160094: Improve pack200 layout - S8160098: Clean up color profiles - S8160591, CVE-2016-5582: Improve internal array handling - S8160838, CVE-2016-5597: Better HTTP service - PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() openjdk-7 (7u121-2.6.8-1) experimental; urgency=medium * IcedTea release 2.6.8 (based on 7u121): openjdk-7 (7u111-2.6.7-3) experimental; urgency=medium [ Tiago Stürmer Daitx ] * Don't use precompiled header files on arm64. * Update the sec-webrev-8u111-S8159503.hotspot patch. openjdk-7 (7u111-2.6.7-2) experimental; urgency=medium [ Tiago Stürmer Daitx ] * Backported security fixes from 8u111: - CVE-2016-5568, S8158993: Service Menu services. - CVE-2016-5582, S8160591: Improve internal array handling. - CVE-2016-5573, S8159519: Reformat JDWP messages. - CVE-2016-5597, S8160838: Better HTTP service. - CVE-2016-5554, S8157739: Classloader Consistency Checking. - CVE-2016-5542, S8155973: Tighten jar checks. * debian/rules: - removed lcms version 1 option as no current release uses that, lcms2 is now default. - removed in-tree/system lcms selection to always use system's lcms. - removed all cacao references except for the transitional cacao package. - updated jtreg tests to use othervm. - simplified rhino and libcups dependency selection. * debian/buildwatch.sh: updated to stop it if no 'make' process is running, as it probably means that the build failed - otherwise buildwatch keeps the builder alive until it exits after the timer (3 hours by default) expires. * debian/control.in: removed cacao references. * debian/README.source: removed cacao references. * debian/patches/cacao-armv4.diff: deleted file. * Makefile.am: remove -samevm * debian/patches/it-jamvm-8158260-unsafe-methods.patch: fix JAMVM after the introduction of two new Unsafe methods in the OpenJDK hotspot. Closes: #833933. (LP: #1611598) [ Matthias Klose ] * Fix building the -dbg package depending on the debhelper level. openjdk-7 (7u111-2.6.7-1) experimental; urgency=medium [ Matthias Klose ] * Fix handling of /usr/lib/jvm/*/jre/lib/zi if internal tzdata is used (Andreas Beckmann). Closes: #821858. * Add missing includes for aarch64 hotspot backport (building without pch). * Use in-tree lcms for backports. [ Tiago Stürmer Daitx ] * IcedTea release 2.6.7 (based on 7u111): * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking - S8149962, CVE-2016-3508: Better delineation of XML processing - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams - S8155981, CVE-2016-3606: Bolster bytecode verification - S8155985, CVE-2016-3598: Persistent Parameter Processing - S8158571, CVE-2016-3610: Additional method handle validation * debian/rules: - Create symbolic link in source package (thanks Avinash). Closes: #832720. * debian/JB-jre-headless.prerm.in: check for /var/lib/binfmts/jar instead of /var/lib/binfmts/@basename@ before removing jar entry from binfmts. Closes: #821146. Date: 2016-11-16 00:05:29.084361+00:00 Changed-By: Tiago Stürmer Daitx Maintainer: OpenJDK Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/openjdk-7/7u121-2.6.8-1ubuntu0.14.04.1 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-security] openjdk-7 7u121-2.6.8-1ubuntu0.14.04.1 (Accepted)
openjdk-7 (7u121-2.6.8-1ubuntu0.14.04.1) trusty-security; urgency=medium * Backport to Ubuntu 14.04. * IcedTea release 2.6.8 (based on 7u121): * Security fixes - S8151921: Improved page resolution - S8155968: Update command line options - S8155973, CVE-2016-5542: Tighten jar checks - S8157176: Improved classfile parsing - S8157739, CVE-2016-5554: Classloader Consistency Checking - S8157749: Improve handling of DNS error replies - S8157753: Audio replay enhancement - S8157759: LCMS Transform Sampling Enhancement - S8157764: Better handling of interpolation plugins - S8158302: Handle contextual glyph substitutions - S8158993, CVE-2016-5568: Service Menu services - S8159495: Fix index offsets - S8159503: Amend Annotation Actions - S8159511: Stack map validation - S8159515: Improve indy validation - S8159519, CVE-2016-5573: Reformat JDWP messages - S8160090: Better signature handling in pack200 - S8160094: Improve pack200 layout - S8160098: Clean up color profiles - S8160591, CVE-2016-5582: Improve internal array handling - S8160838, CVE-2016-5597: Better HTTP service - PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() openjdk-7 (7u121-2.6.8-1) experimental; urgency=medium * IcedTea release 2.6.8 (based on 7u121): openjdk-7 (7u111-2.6.7-3) experimental; urgency=medium [ Tiago Stürmer Daitx ] * Don't use precompiled header files on arm64. * Update the sec-webrev-8u111-S8159503.hotspot patch. openjdk-7 (7u111-2.6.7-2) experimental; urgency=medium [ Tiago Stürmer Daitx ] * Backported security fixes from 8u111: - CVE-2016-5568, S8158993: Service Menu services. - CVE-2016-5582, S8160591: Improve internal array handling. - CVE-2016-5573, S8159519: Reformat JDWP messages. - CVE-2016-5597, S8160838: Better HTTP service. - CVE-2016-5554, S8157739: Classloader Consistency Checking. - CVE-2016-5542, S8155973: Tighten jar checks. * debian/rules: - removed lcms version 1 option as no current release uses that, lcms2 is now default. - removed in-tree/system lcms selection to always use system's lcms. - removed all cacao references except for the transitional cacao package. - updated jtreg tests to use othervm. - simplified rhino and libcups dependency selection. * debian/buildwatch.sh: updated to stop it if no 'make' process is running, as it probably means that the build failed - otherwise buildwatch keeps the builder alive until it exits after the timer (3 hours by default) expires. * debian/control.in: removed cacao references. * debian/README.source: removed cacao references. * debian/patches/cacao-armv4.diff: deleted file. * Makefile.am: remove -samevm * debian/patches/it-jamvm-8158260-unsafe-methods.patch: fix JAMVM after the introduction of two new Unsafe methods in the OpenJDK hotspot. Closes: #833933. (LP: #1611598) [ Matthias Klose ] * Fix building the -dbg package depending on the debhelper level. openjdk-7 (7u111-2.6.7-1) experimental; urgency=medium [ Matthias Klose ] * Fix handling of /usr/lib/jvm/*/jre/lib/zi if internal tzdata is used (Andreas Beckmann). Closes: #821858. * Add missing includes for aarch64 hotspot backport (building without pch). * Use in-tree lcms for backports. [ Tiago Stürmer Daitx ] * IcedTea release 2.6.7 (based on 7u111): * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500: Complete name checking - S8149962, CVE-2016-3508: Better delineation of XML processing - S8150752: Share Class Data - S8151925: Font reference improvements - S8152479, CVE-2016-3550: Coded byte streams - S8155981, CVE-2016-3606: Bolster bytecode verification - S8155985, CVE-2016-3598: Persistent Parameter Processing - S8158571, CVE-2016-3610: Additional method handle validation * debian/rules: - Create symbolic link in source package (thanks Avinash). Closes: #832720. * debian/JB-jre-headless.prerm.in: check for /var/lib/binfmts/jar instead of /var/lib/binfmts/@basename@ before removing jar entry from binfmts. Closes: #821146. Date: 2016-11-16 00:05:29.084361+00:00 Changed-By: Tiago Stürmer Daitx Maintainer: OpenJDK Signed-By: Steve Beattie https://launchpad.net/ubuntu/+source/openjdk-7/7u121-2.6.8-1ubuntu0.14.04.1 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-updates] klibc 2.0.3-0ubuntu1.14.04.2 (Accepted)
klibc (2.0.3-0ubuntu1.14.04.2) trusty; urgency=medium * debian/patches/fix_broadcast_flag-bit.patch: the previous patch set the wrong bit in the bootp flags field, instead of 0x800 it must be 0x8000. (LP: #1624014) Date: 2016-09-20 19:20:10.952876+00:00 Changed-By: Dan Streetman Signed-By: Brian Murray https://launchpad.net/ubuntu/+source/klibc/2.0.3-0ubuntu1.14.04.2 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes