Bug#613723: marked as done (pu: package sun-java6/6.22-1)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Mon, 28 Feb 2011 01:55:02 +0000
with message-id <E1PtsKE-0004M8-BZ@franck.debian.org>
and subject line Bug#613723: fixed in sun-java6 6.24-1~squeeze1
has caused the Debian Bug report #613723,
regarding pu: package sun-java6/6.22-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
613723: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613723
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: pu: package sun-java6/6.22-1
• From: Torsten Werner <twerner@debian.org>
• Date: Wed, 16 Feb 2011 21:27:11 +0100
• Message-id: <[🔎] 20110216202707.GA13367@lumpi.twerner42.de>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

the version 6.24-1 of the package contains important security related bugfixes.
I would take 6.24-1 from unstable and build a version 6.24-1~squeeze1 for
stable. All the changes in the unstable package are safe for stable. I am
attaching a source package diff between 6.22-1 ... 6.24-1.

Cheers,
Torsten

Index: debian/control
===================================================================
--- debian/control	(Revision 13028)
+++ debian/control	(Revision 13328)
@@ -4,11 +4,11 @@
 Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
 Uploaders: Sylvestre Ledru <sylvestre@debian.org>, Torsten Werner <twerner@debian.org>
 Build-Depends: debhelper (>= 5.0.51~), lsb-release, po-debconf, defoma, unzip, bzip2, patch, libasound2, unixodbc, libx11-6, libxext6, libxi6, libxp6, libxt6, libxtst6, lib32asound2 [amd64], ia32-libs [amd64 ia64]
-Standards-Version: 3.8.4
+Standards-Version: 3.9.1
 Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/sun-java6
 Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/sun-java6
 XS-Autobuild: yes
-Homepage: https://jdk-distros.dev.java.net
+Homepage: http://jdk-distros.java.net/
 
 Package: sun-java6-jre
 Section: non-free/java
@@ -57,7 +57,7 @@
 Architecture: amd64 i386 lpia
 Section: non-free/web
 Priority: optional
-Depends: ${shlibs:Depends}, ${misc:Depends}, sun-java6-bin (>= ${source:Version}), firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori
+Depends: ${shlibs:Depends}, ${misc:Depends}, sun-java6-bin (>= ${source:Version}), firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori | google-chrome
 Xb-Npp-Applications: ec8030f7-c20a-464f-9b0e-13a3a9e97384, 92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a 
 Xb-Npp-Name: The Java(TM) Plug-in, Java SE 6
 Xb-Npp-MimeType: application/x-java-vm, application/x-java-applet, application/x-java-applet;version=1.1, application/x-java-applet;version=1.1.1, application/x-java-applet;version=1.1.2, application/x-java-applet;version=1.1.3, application/x-java-applet;version=1.2, application/x-java-applet;version=1.2.1, application/x-java-applet;version=1.2.2, application/x-java-applet;version=1.3, application/x-java-applet;version=1.3.1, application/x-java-applet;version=1.4, application/x-java-applet;version=1.4.1, application/x-java-applet;version=1.4.2, application/x-java-applet;version=1.5, application/x-java-applet;version=1.6, application/x-java-applet;jpi-version=1.6.0_07, application/x-java-bean, application/x-java-bean;version=1.1, application/x-java-bean;version=1.1.1, application/x-java-bean;version=1.1.2, application/x-java-bean;version=1.1.3, application/x-java-bean;version=1.2, application/x-java-bean;version=1.2.1, application/x-java-bean;version=1.2.2, application/x-java-bean;version=1.3, application/x-java-bean;version=1.3.1, application/x-java-bean;version=1.4, application/x-java-bean;version=1.4.1, application/x-java-bean;version=1.4.2, application/x-java-bean;version=1.5, application/x-java-bean;version=1.6, application/x-java-bean;jpi-version=1.6.0_07 
@@ -89,7 +89,7 @@
 Architecture: amd64 ia64
 Section: non-free/web
 Priority: optional
-Depends: ${shlibs:Depends}, ${misc:Depends}, ia32-sun-java6-bin (>= ${source:Version}), firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori
+Depends: ${shlibs:Depends}, ${misc:Depends}, ia32-sun-java6-bin (>= ${source:Version}), firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori | google-chrome
 Description: The Java(TM) Plug-in, Java SE 6 (32-bit)
  Java Plug-in enables applets written to the Java Platform 6 
  specification to be run in Mozilla and other web browsers. 
Index: debian/control.in
===================================================================
--- debian/control.in	(Revision 13028)
+++ debian/control.in	(Revision 13328)
@@ -4,11 +4,11 @@
 Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
 Uploaders: Sylvestre Ledru <sylvestre@debian.org>, Torsten Werner <twerner@debian.org>
 Build-Depends: debhelper (>= 5.0.51~), lsb-release, po-debconf, defoma, unzip, bzip2, patch, libasound2, unixodbc, libx11-6, libxext6, libxi6, libxp6, libxt6, libxtst6, lib32asound2 [amd64], ia32-libs [amd64 ia64]
-Standards-Version: 3.8.4
+Standards-Version: 3.9.1
 Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/sun-java6
 Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/sun-java6
 XS-Autobuild: yes
-Homepage: https://jdk-distros.dev.java.net
+Homepage: http://jdk-distros.java.net/
 
 Package: @basename@-jre
 Section: non-free/java
Index: debian/rules
===================================================================
--- debian/rules	(Revision 13028)
+++ debian/rules	(Revision 13328)
@@ -60,7 +60,7 @@
 	$(if $(filter $(distribution),Debian),libxul-dev,$(if $(filter $(distrelease),hardy),xulrunner-1.9-dev,firefox-dev))
 
 browser_plugin_dirs = xulrunner-addons firefox iceape iceweasel mozilla midbrowser xulrunner konqueror
-browsers = firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori
+browsers = firefox | firefox-2 | iceweasel | mozilla-firefox | iceape-browser | mozilla-browser | epiphany-gecko | epiphany-webkit | epiphany-browser | galeon | midbrowser | moblin-web-browser | xulrunner | xulrunner-1.9 | konqueror | chromium-browser | midori | google-chrome
 
 # FIXME: xulrunner-addons only tested on sid, jaunty, karmic
 ifeq ($(distribution),Ubuntu)
@@ -315,8 +315,8 @@
 	  exit 1; \
 	fi
 
-diff_ignore = -I 'Tuesday, June 22' \
-	-I 'Tue Jun 22' -I '^ *// java GenerateCharacter'
+diff_ignore = -I 'Wednesday, February 2' \
+	-I 'Wed Feb 02' -I '^ *// java GenerateCharacter'
 
 with_check = yes
 
Index: debian/changelog
===================================================================
--- debian/changelog	(Revision 13028)
+++ debian/changelog	(Revision 13328)
@@ -1,3 +1,55 @@
+sun-java6 (6.24-1) unstable; urgency=high
+
+  * New upstream release
+  * Watch file added
+  * Homepage updated to http://jdk-distros.java.net/
+  * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
+    - (CVE-2010-4476): Java Runtime Environment hangs when converting 
+      "2.2250738585072012e-308" to a binary floating-point number.
+    - (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code
+                       Execution Vulnerability
+    - (CVE-2010-4454): Vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability
+    - (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution
+                       Vulnerability
+    - (CVE-2010-4465): Swing timer-based security manager bypass
+    - (CVE-2010-4467): Vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4469): Hotspot backward jsr heap corruption
+    - (CVE-2010-4473): Vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4422): Vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4451): Vulnerability allows successful unauthenticated network
+                       attacks via HTTP. 
+    - (CVE-2010-4466): Runtime NTLM Authentication Information Leakage
+                       Vulnerability
+    - (CVE-2010-4470): JAXP untrusted component state manipulation
+    - (CVE-2010-4471): Java2D font-related system property leak
+    - (CVE-2010-4447): Vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4475): vulnerability allows successful unauthenticated network
+                       attacks via multiple protocols.
+    - (CVE-2010-4468): DNS cache poisoning by untrusted applets
+    - (CVE-2010-4450): Launcher incorrect processing of empty library path
+                       entries
+    - (CVE-2010-4448): DNS cache poisoning by untrusted applets
+    - (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N
+                       implementation
+    - (CVE-2010-4474): Easily exploitable vulnerability requiring logon to
+                       Operating System. 
+    
+ -- Sylvestre Ledru <sylvestre@debian.org>  Wed, 16 Feb 2011 00:46:20 +0100
+
+sun-java6 (6.23-1) unstable; urgency=low
+
+  * New upstream release
+  * Add 'google-chrome' as Depends of sun-java6-plugin (Closes: #607455)
+  * Standards-Version updated to version 3.9.1
+
+ -- Sylvestre Ledru <sylvestre@debian.org>  Wed, 09 Feb 2011 01:23:20 +0100
+
 sun-java6 (6.22-1) unstable; urgency=low
 
   [ Torsten Werner ]

--- End Message ---

--- Begin Message ---

• To: 613723-close@bugs.debian.org
• Subject: Bug#613723: fixed in sun-java6 6.24-1~squeeze1
• From: Torsten Werner <twerner@debian.org>
• Date: Mon, 28 Feb 2011 01:55:02 +0000
• Message-id: <E1PtsKE-0004M8-BZ@franck.debian.org>

Source: sun-java6
Source-Version: 6.24-1~squeeze1

We believe that the bug you reported is fixed in the latest version of
sun-java6, which is due to be installed in the Debian FTP archive:

ia32-sun-java6-bin_6.24-1~squeeze1_amd64.deb
  to non-free/s/sun-java6/ia32-sun-java6-bin_6.24-1~squeeze1_amd64.deb
sun-java6-bin_6.24-1~squeeze1_amd64.deb
  to non-free/s/sun-java6/sun-java6-bin_6.24-1~squeeze1_amd64.deb
sun-java6-demo_6.24-1~squeeze1_amd64.deb
  to non-free/s/sun-java6/sun-java6-demo_6.24-1~squeeze1_amd64.deb
sun-java6-fonts_6.24-1~squeeze1_all.deb
  to non-free/s/sun-java6/sun-java6-fonts_6.24-1~squeeze1_all.deb
sun-java6-javadb_6.24-1~squeeze1_all.deb
  to non-free/s/sun-java6/sun-java6-javadb_6.24-1~squeeze1_all.deb
sun-java6-jdk_6.24-1~squeeze1_amd64.deb
  to non-free/s/sun-java6/sun-java6-jdk_6.24-1~squeeze1_amd64.deb
sun-java6-jre_6.24-1~squeeze1_all.deb
  to non-free/s/sun-java6/sun-java6-jre_6.24-1~squeeze1_all.deb
sun-java6-plugin_6.24-1~squeeze1_amd64.deb
  to non-free/s/sun-java6/sun-java6-plugin_6.24-1~squeeze1_amd64.deb
sun-java6-source_6.24-1~squeeze1_all.deb
  to non-free/s/sun-java6/sun-java6-source_6.24-1~squeeze1_all.deb
sun-java6_6.24-1~squeeze1.debian.tar.gz
  to non-free/s/sun-java6/sun-java6_6.24-1~squeeze1.debian.tar.gz
sun-java6_6.24-1~squeeze1.dsc
  to non-free/s/sun-java6/sun-java6_6.24-1~squeeze1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 613723@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Torsten Werner <twerner@debian.org> (supplier of updated sun-java6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 27 Feb 2011 19:38:43 +0100
Source: sun-java6
Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-javadb
Architecture: source amd64 all
Version: 6.24-1~squeeze1
Distribution: stable
Urgency: low
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Torsten Werner <twerner@debian.org>
Description: 
 ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit)
 ia32-sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 (32-bit)
 sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent
 sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples
 sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE)
 sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby
 sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6
 sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen
 sun-java6-plugin - The Java(TM) Plug-in, Java SE 6
 sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files
Closes: 613723
Changes: 
 sun-java6 (6.24-1~squeeze1) stable; urgency=low
 .
   * Upload to stable. (Closes: #613723)
Checksums-Sha1: 
 60c46cc5b7cf6d2c2939f67a3d06165321593a1b 1694 sun-java6_6.24-1~squeeze1.dsc
 9c9308d51b4483bbdfcb39182068ad6d199e3cae 90912 sun-java6_6.24-1~squeeze1.debian.tar.gz
 47b54c5310fed71e1febb83fdbdfd8624ae61900 28163006 sun-java6-bin_6.24-1~squeeze1_amd64.deb
 4ecded59e5ac9880025d20c64b83d0e365e175dc 2010 sun-java6-plugin_6.24-1~squeeze1_amd64.deb
 2484b12dbc0b862b3e80bdedf386a571298c973a 29973238 ia32-sun-java6-bin_6.24-1~squeeze1_amd64.deb
 e60d4cd1a9fa84b0497fa9b2ae4baa4abd33991d 20402226 sun-java6-jdk_6.24-1~squeeze1_amd64.deb
 3ed71d524aab4dc98aa82efc34aa055d4c4382fc 12162486 sun-java6-demo_6.24-1~squeeze1_amd64.deb
 def14827dc1be89eed2e2558db1433bbc4c80144 6504352 sun-java6-jre_6.24-1~squeeze1_all.deb
 1a0e6d43f00f7d704405cb12c432e79f24a38ded 1892 sun-java6-fonts_6.24-1~squeeze1_all.deb
 b247c867ca6deb80f6acb1013a967712d0021c67 17951842 sun-java6-source_6.24-1~squeeze1_all.deb
 9033da631df2ff88d36c67bffdc9816a58ed8c47 10791310 sun-java6-javadb_6.24-1~squeeze1_all.deb
Checksums-Sha256: 
 6929039fbdb4c1012b162791a1ed6127c4aabb9463a6159716adf3ac75944642 1694 sun-java6_6.24-1~squeeze1.dsc
 8c1b1dc28c0cdc1f724823e94e4ea05af687c053edf912cab672fb06fac8c516 90912 sun-java6_6.24-1~squeeze1.debian.tar.gz
 a55215813fbd9a305680018548d9ebbb9e55e73af9944506ef6b53c5688ee59d 28163006 sun-java6-bin_6.24-1~squeeze1_amd64.deb
 f370e596e9bf9c73933d5b15300077ac8e55ca5fad41436c069dc3e3bceb4118 2010 sun-java6-plugin_6.24-1~squeeze1_amd64.deb
 94e89493e2acd91a494387656c18503100ffa1d5f42140c89a2626d39267b39e 29973238 ia32-sun-java6-bin_6.24-1~squeeze1_amd64.deb
 7b431f1bd35cfdbd13bc5517bcd43573331c2cb88abf85091cef1828466f8241 20402226 sun-java6-jdk_6.24-1~squeeze1_amd64.deb
 a8ffe17f6eb842a64d68d1fd80f69cc1046c0225eada8c195f89f8a4df47f0d4 12162486 sun-java6-demo_6.24-1~squeeze1_amd64.deb
 568daae26e17c91183d0a5bc1a50d0a12f29a4bdbf96e0ff42b13bbf86f2d523 6504352 sun-java6-jre_6.24-1~squeeze1_all.deb
 d5721a169a55b25f8ce2a9f7be865b43f4ee83ea38eac0ba8c81838a76aa0225 1892 sun-java6-fonts_6.24-1~squeeze1_all.deb
 b2fcb26e83529ca0a152c50cb332d8cdf1051998dbd4fafb37a98a0e1d5702c8 17951842 sun-java6-source_6.24-1~squeeze1_all.deb
 ccb95e389f473f4b186da5410ac20ba4f9416ae702f8352011df7f0b43b543e3 10791310 sun-java6-javadb_6.24-1~squeeze1_all.deb
Files: 
 9dee41970e3ab0c4b9dccccf10eb88bc 1694 non-free/java optional sun-java6_6.24-1~squeeze1.dsc
 ee86e68db836de14e3e67985873e154a 90912 non-free/java optional sun-java6_6.24-1~squeeze1.debian.tar.gz
 e957fd62ab88bbb2c0f4ecda6861e51b 28163006 non-free/java optional sun-java6-bin_6.24-1~squeeze1_amd64.deb
 c6458999fb18e82e9f3b2afed24bf4fc 2010 non-free/web optional sun-java6-plugin_6.24-1~squeeze1_amd64.deb
 c4af32d00fb74b866c97fbbe5f909802 29973238 non-free/java optional ia32-sun-java6-bin_6.24-1~squeeze1_amd64.deb
 0e5652bafac399afca30b2e6be463c71 20402226 non-free/java optional sun-java6-jdk_6.24-1~squeeze1_amd64.deb
 83cd582bdf721a387e8cc5ea5f118443 12162486 non-free/java optional sun-java6-demo_6.24-1~squeeze1_amd64.deb
 2f00007c2cd67d066eb8269d080d7a1a 6504352 non-free/java optional sun-java6-jre_6.24-1~squeeze1_all.deb
 c2c5bca4e845e60b1ccbae1717c0820a 1892 non-free/fonts optional sun-java6-fonts_6.24-1~squeeze1_all.deb
 c3c33ffaf768cc43c8dd6492b708a491 17951842 non-free/java optional sun-java6-source_6.24-1~squeeze1_all.deb
 5f3d79e4fd2993dbe9c1949f84df6616 10791310 non-free/java optional sun-java6-javadb_6.24-1~squeeze1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk1qn0gACgkQfY3dicTPjsPskQCfcjjTakcxUSvAONCP0t1Iqt/z
5MEAnjGR1b+ombf3nxyaVxalraOVp7+D
=y6KF
-----END PGP SIGNATURE-----

--- End Message ---