-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 16 Feb 2011 21:37:38 +0100 Source: sun-java6 Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-doc sun-java6-javadb Architecture: ia64 Version: 6-24-0lenny1 Distribution: lenny Urgency: low Maintainer: ia64 Build Daemon (alkman) Changed-By: Torsten Werner Description: ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit) ia32-sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 (32-bit) sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples sun-java6-doc - Sun JDK(TM) Documention -- integration installer sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE) sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6 sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files Closes: 613741 Changes: sun-java6 (6-24-0lenny1) oldstable; urgency=low . * New upstream release (Closes: #613741) * SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes: - (CVE-2010-4476): Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number. - (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability - (CVE-2010-4454): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability - (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution Vulnerability - (CVE-2010-4465): Swing timer-based security manager bypass - (CVE-2010-4467): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4469): Hotspot backward jsr heap corruption - (CVE-2010-4473): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4422): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4451): Vulnerability allows successful unauthenticated network attacks via HTTP. - (CVE-2010-4466): Runtime NTLM Authentication Information Leakage Vulnerability - (CVE-2010-4470): JAXP untrusted component state manipulation - (CVE-2010-4471): Java2D font-related system property leak - (CVE-2010-4447): Vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4475): vulnerability allows successful unauthenticated network attacks via multiple protocols. - (CVE-2010-4468): DNS cache poisoning by untrusted applets - (CVE-2010-4450): Launcher incorrect processing of empty library path entries - (CVE-2010-4448): DNS cache poisoning by untrusted applets - (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N implementation - (CVE-2010-4474): Easily exploitable vulnerability requiring logon to Operating System. Checksums-Sha1: ad2a0d14a8cc56100aa477bf415fbe9551443cd7 29949980 ia32-sun-java6-bin_6-24-0lenny1_ia64.deb Checksums-Sha256: 0c12a2d4e05603684cd89122930bda43d23199b3e728f5d2cd1eaa3cfa8b626a 29949980 ia32-sun-java6-bin_6-24-0lenny1_ia64.deb Files: d64024156b5b60d665655f635b7fe998 29949980 non-free/libs optional ia32-sun-java6-bin_6-24-0lenny1_ia64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAk1ssgcACgkQmdOZoew2oYXS7ACgpXckYpOi+0UknKd2+hruV4Of 7CsAn0ODXWGsup3j7OLnNFKtBOajR/Bq =h/2Y -----END PGP SIGNATURE-----