[ubuntu/trusty-proposed] bash 4.3-7ubuntu1.6 (Accepted)

[Jeffrey Hutzelman]

bash (4.3-7ubuntu1.6) trusty-proposed; urgency=medium

  * When the readline `revert-all-at-newline' option is set, pressing newline
when the current line is one retrieved from history results in a double
free and a segmentation fault. LP: #1422795.

Date: Fri, 16 Oct 2015 17:21:23 -0400
Changed-By: Jeffrey Hutzelman 
Maintainer: Ubuntu Developers 
Signed-By: Julian Andres Klode 
https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.6
Format: 1.8
Date: Fri, 16 Oct 2015 17:21:23 -0400
Source: bash
Binary: bash bash-static bash-builtins bash-doc
Architecture: source
Version: 4.3-7ubuntu1.6
Distribution: trusty-proposed
Urgency: medium
Maintainer: Ubuntu Developers 
Changed-By: Jeffrey Hutzelman 
Description: 
 bash   - GNU Bourne Again SHell
 bash-builtins - Bash loadable builtins - headers & examples
 bash-doc   - Documentation and examples for the The GNU Bourne Again SHell
 bash-static - GNU Bourne Again SHell (static version)
Launchpad-Bugs-Fixed: 1422795
Changes: 
 bash (4.3-7ubuntu1.6) trusty-proposed; urgency=medium
 .
   * When the readline `revert-all-at-newline' option is set, pressing newline
 when the current line is one retrieved from history results in a double
 free and a segmentation fault. LP: #1422795.
Checksums-Sha1: 
 06d8adc1a4035c0d91a7ea765fddc4ebdd584823 2265 bash_4.3-7ubuntu1.6.dsc
 981e0ef8fe217188ee1512ff030c0b630c916d0f 97573 
bash_4.3-7ubuntu1.6.debian.tar.gz
Checksums-Sha256: 
 3557865003176d6b3301797e4cbb13a0b37e4bba377b6755240adb6f4fb8b8f5 2265 
bash_4.3-7ubuntu1.6.dsc
 d70390057c8c5a9a37b89c8fc6f4e7f15d62cb430b61d2741897529c91572fff 97573 
bash_4.3-7ubuntu1.6.debian.tar.gz
Files: 
 bcc699aa47326acd3e4164fe0ed20ae6 2265 base required bash_4.3-7ubuntu1.6.dsc
 b7e235aeef34007f7fd786193797c468 97573 base required 
bash_4.3-7ubuntu1.6.debian.tar.gz
Original-Maintainer: Matthias Klose 
-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-updates] openjdk-7 7u121-2.6.8-1ubuntu0.14.04.1 (Accepted)

[Ubuntu Archive Robot]

openjdk-7 (7u121-2.6.8-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Backport to Ubuntu 14.04.
  * IcedTea release 2.6.8 (based on 7u121):
  * Security fixes
- S8151921: Improved page resolution
- S8155968: Update command line options
- S8155973, CVE-2016-5542: Tighten jar checks
- S8157176: Improved classfile parsing
- S8157739, CVE-2016-5554: Classloader Consistency Checking
- S8157749: Improve handling of DNS error replies
- S8157753: Audio replay enhancement
- S8157759: LCMS Transform Sampling Enhancement
- S8157764: Better handling of interpolation plugins
- S8158302: Handle contextual glyph substitutions
- S8158993, CVE-2016-5568: Service Menu services
- S8159495: Fix index offsets
- S8159503: Amend Annotation Actions
- S8159511: Stack map validation
- S8159515: Improve indy validation
- S8159519, CVE-2016-5573: Reformat JDWP messages
- S8160090: Better signature handling in pack200
- S8160094: Improve pack200 layout
- S8160098: Clean up color profiles
- S8160591, CVE-2016-5582: Improve internal array handling
- S8160838, CVE-2016-5597: Better HTTP service
- PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read()

openjdk-7 (7u121-2.6.8-1) experimental; urgency=medium

  * IcedTea release 2.6.8 (based on 7u121):

openjdk-7 (7u111-2.6.7-3) experimental; urgency=medium

  [ Tiago Stürmer Daitx ]
  * Don't use precompiled header files on arm64.
  * Update the sec-webrev-8u111-S8159503.hotspot patch.

openjdk-7 (7u111-2.6.7-2) experimental; urgency=medium

  [ Tiago Stürmer Daitx ]
  * Backported security fixes from 8u111:
- CVE-2016-5568, S8158993: Service Menu services.
- CVE-2016-5582, S8160591: Improve internal array handling.
- CVE-2016-5573, S8159519: Reformat JDWP messages.
- CVE-2016-5597, S8160838: Better HTTP service.
- CVE-2016-5554, S8157739: Classloader Consistency Checking.
- CVE-2016-5542, S8155973: Tighten jar checks.
  * debian/rules:
- removed lcms version 1 option as no current release uses that, lcms2
  is now default.
- removed in-tree/system lcms selection to always use system's lcms.
- removed all cacao references except for the transitional cacao package.
- updated jtreg tests to use othervm.
- simplified rhino and libcups dependency selection.
  * debian/buildwatch.sh: updated to stop it if no 'make' process is running,
as it probably means that the build failed - otherwise buildwatch keeps
the builder alive until it exits after the timer (3 hours by default)
expires.
  * debian/control.in: removed cacao references.
  * debian/README.source: removed cacao references.
  * debian/patches/cacao-armv4.diff: deleted file.
  * Makefile.am: remove -samevm
  * debian/patches/it-jamvm-8158260-unsafe-methods.patch: fix JAMVM
after the introduction of two new Unsafe methods in the OpenJDK
hotspot. Closes: #833933. (LP: #1611598)

  [ Matthias Klose ]
  * Fix building the -dbg package depending on the debhelper level.

openjdk-7 (7u111-2.6.7-1) experimental; urgency=medium

  [ Matthias Klose ]
  * Fix handling of /usr/lib/jvm/*/jre/lib/zi if internal tzdata is used
(Andreas Beckmann). Closes: #821858.
  * Add missing includes for aarch64 hotspot backport (building without pch).
  * Use in-tree lcms for backports.

  [ Tiago Stürmer Daitx ]
  * IcedTea release 2.6.7 (based on 7u111):
  * Security fixes
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows only)
- S8147771: Construction of static protection domains under Javax
  custom policy
- S8148872, CVE-2016-3500: Complete name checking
- S8149962, CVE-2016-3508: Better delineation of XML processing
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams
- S8155981, CVE-2016-3606: Bolster bytecode verification
- S8155985, CVE-2016-3598: Persistent Parameter Processing
- S8158571, CVE-2016-3610: Additional method handle validation
  * debian/rules:
- Create symbolic link in source package (thanks Avinash).
  Closes: #832720.
  * debian/JB-jre-headless.prerm.in: check for /var/lib/binfmts/jar
instead of /var/lib/binfmts/@basename@ before removing jar entry
from binfmts. Closes: #821146.

Date: 2016-11-16 00:05:29.084361+00:00
Changed-By: Tiago Stürmer Daitx 
Maintainer: OpenJDK 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/openjdk-7/7u121-2.6.8-1ubuntu0.14.04.1
Sorry, changesfile not available.-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-security] openjdk-7 7u121-2.6.8-1ubuntu0.14.04.1 (Accepted)

[Steve Beattie]

openjdk-7 (7u121-2.6.8-1ubuntu0.14.04.1) trusty-security; urgency=medium

  * Backport to Ubuntu 14.04.
  * IcedTea release 2.6.8 (based on 7u121):
  * Security fixes
- S8151921: Improved page resolution
- S8155968: Update command line options
- S8155973, CVE-2016-5542: Tighten jar checks
- S8157176: Improved classfile parsing
- S8157739, CVE-2016-5554: Classloader Consistency Checking
- S8157749: Improve handling of DNS error replies
- S8157753: Audio replay enhancement
- S8157759: LCMS Transform Sampling Enhancement
- S8157764: Better handling of interpolation plugins
- S8158302: Handle contextual glyph substitutions
- S8158993, CVE-2016-5568: Service Menu services
- S8159495: Fix index offsets
- S8159503: Amend Annotation Actions
- S8159511: Stack map validation
- S8159515: Improve indy validation
- S8159519, CVE-2016-5573: Reformat JDWP messages
- S8160090: Better signature handling in pack200
- S8160094: Improve pack200 layout
- S8160098: Clean up color profiles
- S8160591, CVE-2016-5582: Improve internal array handling
- S8160838, CVE-2016-5597: Better HTTP service
- PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read()

openjdk-7 (7u121-2.6.8-1) experimental; urgency=medium

  * IcedTea release 2.6.8 (based on 7u121):

openjdk-7 (7u111-2.6.7-3) experimental; urgency=medium

  [ Tiago Stürmer Daitx ]
  * Don't use precompiled header files on arm64.
  * Update the sec-webrev-8u111-S8159503.hotspot patch.

openjdk-7 (7u111-2.6.7-2) experimental; urgency=medium

  [ Tiago Stürmer Daitx ]
  * Backported security fixes from 8u111:
- CVE-2016-5568, S8158993: Service Menu services.
- CVE-2016-5582, S8160591: Improve internal array handling.
- CVE-2016-5573, S8159519: Reformat JDWP messages.
- CVE-2016-5597, S8160838: Better HTTP service.
- CVE-2016-5554, S8157739: Classloader Consistency Checking.
- CVE-2016-5542, S8155973: Tighten jar checks.
  * debian/rules:
- removed lcms version 1 option as no current release uses that, lcms2
  is now default.
- removed in-tree/system lcms selection to always use system's lcms.
- removed all cacao references except for the transitional cacao package.
- updated jtreg tests to use othervm.
- simplified rhino and libcups dependency selection.
  * debian/buildwatch.sh: updated to stop it if no 'make' process is running,
as it probably means that the build failed - otherwise buildwatch keeps
the builder alive until it exits after the timer (3 hours by default)
expires.
  * debian/control.in: removed cacao references.
  * debian/README.source: removed cacao references.
  * debian/patches/cacao-armv4.diff: deleted file.
  * Makefile.am: remove -samevm
  * debian/patches/it-jamvm-8158260-unsafe-methods.patch: fix JAMVM
after the introduction of two new Unsafe methods in the OpenJDK
hotspot. Closes: #833933. (LP: #1611598)

  [ Matthias Klose ]
  * Fix building the -dbg package depending on the debhelper level.

openjdk-7 (7u111-2.6.7-1) experimental; urgency=medium

  [ Matthias Klose ]
  * Fix handling of /usr/lib/jvm/*/jre/lib/zi if internal tzdata is used
(Andreas Beckmann). Closes: #821858.
  * Add missing includes for aarch64 hotspot backport (building without pch).
  * Use in-tree lcms for backports.

  [ Tiago Stürmer Daitx ]
  * IcedTea release 2.6.7 (based on 7u111):
  * Security fixes
- S8079718, CVE-2016-3458: IIOP Input Stream Hooking
- S8145446, CVE-2016-3485: Perfect pipe placement (Windows only)
- S8147771: Construction of static protection domains under Javax
  custom policy
- S8148872, CVE-2016-3500: Complete name checking
- S8149962, CVE-2016-3508: Better delineation of XML processing
- S8150752: Share Class Data
- S8151925: Font reference improvements
- S8152479, CVE-2016-3550: Coded byte streams
- S8155981, CVE-2016-3606: Bolster bytecode verification
- S8155985, CVE-2016-3598: Persistent Parameter Processing
- S8158571, CVE-2016-3610: Additional method handle validation
  * debian/rules:
- Create symbolic link in source package (thanks Avinash).
  Closes: #832720.
  * debian/JB-jre-headless.prerm.in: check for /var/lib/binfmts/jar
instead of /var/lib/binfmts/@basename@ before removing jar entry
from binfmts. Closes: #821146.

Date: 2016-11-16 00:05:29.084361+00:00
Changed-By: Tiago Stürmer Daitx 
Maintainer: OpenJDK 
Signed-By: Steve Beattie 
https://launchpad.net/ubuntu/+source/openjdk-7/7u121-2.6.8-1ubuntu0.14.04.1
Sorry, changesfile not available.-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-updates] klibc 2.0.3-0ubuntu1.14.04.2 (Accepted)

[Brian Murray]

klibc (2.0.3-0ubuntu1.14.04.2) trusty; urgency=medium

  * debian/patches/fix_broadcast_flag-bit.patch: the previous patch set the
wrong bit in the bootp flags field, instead of 0x800 it must be 0x8000.
(LP: #1624014)

Date: 2016-09-20 19:20:10.952876+00:00
Changed-By: Dan Streetman 
Signed-By: Brian Murray 
https://launchpad.net/ubuntu/+source/klibc/2.0.3-0ubuntu1.14.04.2
Sorry, changesfile not available.-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes