
Accepted openjdk-7 7u121-2.6.8-2 (source) into experimental



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 07 Feb 2017 11:09:39 +0100
Source: openjdk-7
Binary: openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-jre-lib openjdk-7-demo openjdk-7-source openjdk-7-doc openjdk-7-dbg icedtea-7-jre-jamvm openjdk-7-jre-zero
Architecture: source
Version: 7u121-2.6.8-2
Distribution: experimental
Urgency: high
Maintainer: OpenJDK Team <openjdk@lists.launchpad.net>
Changed-By: Matthias Klose <doko@ubuntu.com>
Description:
 icedtea-7-jre-jamvm - Alternative JVM for OpenJDK, using JamVM
 openjdk-7-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-7-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-7-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-7-jdk - OpenJDK Development Kit (JDK)
 openjdk-7-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-7-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-7-jre-lib - OpenJDK Java runtime (architecture independent libraries)
 openjdk-7-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-7-source - OpenJDK Development Kit (JDK) source files
Changes:
 openjdk-7 (7u121-2.6.8-2) experimental; urgency=high
 .
   [ Tiago Stürmer Daitx ]
   * Security fixes from 8u121:
     - S8167104, CVE-2017-3289: Custom class constructor code can bypass the
       required call to super.init allowing for uninitialized objects to be
       created.
     - S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
       dispose() on a CMenuComponent multiple times.
     - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
       extraneous bytes added to them whereas the signature is supposed to be
       unique.
     - S8166988, CVE-2017-3253: The PNG specification allows the [iz]Txt
       sections to be 2^32-1 bytes long so these should not be uncompressed
       unless the user explicitly requests it.
     - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
       leak information about k.
     - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
       deserialize responses from an LDAP server when an LDAP context is
       expected.
     - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
       users or external applications would interpret them leading to possible
       security issues.
     - S8168705, CVE-2016-5547: A value from an InputStream is read directly
       into the size argument of a new byte[] without validation.
     - S8164147, CVE-2017-3261: An integer overflow exists in
       SocketOutputStream which can lead to memory disclosure.
     - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
       dispatch HTTP GET requests where the invoker does not have permission.
     - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
       long running sessions are allowed.
   * Missing
     - S8165344, CVE-2017-3272: A protected field can be leveraged into type
       confusion.
     - S8156802, CVE-2017-3241: RMI deserialization should limit the types
       deserialized to prevent attacks that could escape the sandbox.
   * Ignored
     - S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
       leak information about k.
Checksums-Sha1:
 f6d25880e8f1f7ec44ae1a7e53da701ad5bebc07 4746 openjdk-7_7u121-2.6.8-2.dsc
 4888252f0cb23a89a4eadec6aff6d3e0aebf3617 210020 openjdk-7_7u121-2.6.8-2.debian.tar.xz
 bd203e1f321b411016daf90210fbbfe9e9e430c3 15162 openjdk-7_7u121-2.6.8-2_source.buildinfo
Checksums-Sha256:
 24bbd9c28e4ba0dc90cbc1f85180db07920197ce2998255c48c9b805de890e4c 4746 openjdk-7_7u121-2.6.8-2.dsc
 ca2a3aad8c68c54ed4a05b8950bf003e0021afc82b73ec9342e49d8a3a2ca53d 210020 openjdk-7_7u121-2.6.8-2.debian.tar.xz
 58eda48781e897fdfff24f8f1bb12433e5fd0ef0d0efc8bd7b4995a174f90ad7 15162 openjdk-7_7u121-2.6.8-2_source.buildinfo
Files:
 26fe9bdf2f171a894413f095b762d0b2 4746 java optional openjdk-7_7u121-2.6.8-2.dsc
 b6dbae5b568479987a18d446294c6fcb 210020 java optional openjdk-7_7u121-2.6.8-2.debian.tar.xz
 8d2b613e229d7ad94dcfde595b2f48fa 15162 java optional openjdk-7_7u121-2.6.8-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

