Bug 49583 - openjdk-8: Multiple issues (4.4)
openjdk-8: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
: P3 normal (vote)
: UCS 4.4-0-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-06-03 10:23 CEST by Quality Assurance
Modified: 2019-06-05 15:56 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2019-06-03 10:23:31 CEST
New Debian openjdk-8 8u212-b03-2~deb9u1 fixes:
This update addresses the following issues:
* Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)
* Incorrect skeleton selection in RMI registry server-side dispatch handling  (RMI, 8218453) (CVE-2019-2684)
* Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022)  (CVE-2019-2698)
Comment 1 Quality Assurance univentionstaff 2019-06-03 11:00:53 CEST
--- mirror/ftp/4.4/unmaintained/component/4.4-0-errata/source/openjdk-8_8u212-b01-1~deb9u1.dsc
+++ apt/ucs_4.4-0-errata4.4-0/source/openjdk-8_8u212-b03-2~deb9u1.dsc
@@ -1,6 +1,48 @@
-8u212-b01-1~deb9u1 [Tue, 19 Mar 2019 00:06:47 +0100] Moritz Muehlenhoff <jmm@debian.org>:
-
-  * Rebuild for stretch
+8u212-b03-2~deb9u1 [Tue, 28 May 2019 19:55:21 +0000] Moritz Muehlenhoff <jmm@debian.org>:
+
+  * Rebuild for stretch-security
+
+8u212-b03-2 [Tue, 28 May 2019 10:14:27 +0200] Matthias Klose <doko@ubuntu.com>:
+
+  * Don't apply the 8221355 fix for ARM builds.
+  * Don't configure --with-vendor-name on stable releases.
+  * Fix the jpeg runtime dependency for the build in unstable.
+
+8u212-b03-1 [Mon, 29 Apr 2019 14:51:40 +0200] Matthias Klose <doko@ubuntu.com>:
+
+  [ Matthias Klose ]
+  * Configure --with-vendor-name.
+  * 8221355: Fix performance regression after JDK-8155635 backport into 8u.
+
+  [ Tiago Stürmer Daitx ]
+  * Update to 8u212-b03. LP: #1826001.
+  * Security fixes:
+    - S8211936, CVE-2019-2602: Better String parsing.
+    - S8218453, CVE-2019-2684: More dynamic RMI interactions.
+    - S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID().
+  * Revert to GTK2 as default since GTK3 still has padding and component
+    issues:
+    - debian/rules: always Build-Depends on libgtk2.0-dev and Depends on
+      libgtk2.0-0 instead of relying on gtk3 for some releases.
+  * debian/control: add missing dependency on testng (required by the
+    testsuites).
+
+  [ Andrej Shadura ]
+  * debian/rules: check for nodoc instead of nodocs in DEB_BUILD_OPTIONS.
+    Closes: 922757.
+
+  [ Matthias Klose ]
+  * debian/rules, debian/tests/jtdiff-autopkgtest.sh,
+    debian/tests/jtreg-autopkgtest.in, debian/tests/jtreg-autopkgtest.sh:
+    only set the JDK under test and allow jtreg to use its default JDK
+    for running the tests.
+
+  [ Thorsten Glaser ]
+  * Improve compatibility with older releases. Closes: #925407.
+    - debian/rules: determine source date using backwards-compatible
+      dpkg-parsechangelog call.
+    - debian/control.in: put @bd_cross@ onto same line as @bd_nss@ as
+      it can be empty.
 
 8u212-b01-1 [Tue, 19 Mar 2019 08:26:02 +0100] Matthias Klose <doko@ubuntu.com>:
 

<http://10.200.17.11/4.4-0/#62936824262529827>
Comment 2 Philipp Hahn univentionstaff 2019-06-03 11:57:07 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-0] b2219760f4 Bug #49583: openjdk-8 8u212-b03-2~deb9u1
 doc/errata/staging/openjdk-8.yaml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

[4.4-0] 42fb64e0e3 Bug #49583: openjdk-8 8u212-b03-2~deb9u1
 doc/errata/staging/openjdk-8.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
Comment 3 Erik Damrose univentionstaff 2019-06-05 15:56:02 CEST
<http://errata.software-univention.de/ucs/4.4/139.html>