Univention Bugzilla – Bug 51825
openjdk-8: Multiple issues (4.4)
Last modified: 2020-08-26 16:35:36 CEST
New Debian openjdk-8 8u265-b01-0+deb9u1 fixes:

This update addresses the following issues:
* Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)
* HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)
* Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578)
* Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579)
* Information disclosure in color management (2D, 8238002) (CVE-2020-14581)
* Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)
* Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)
* XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)
--- mirror/ftp/4.4/unmaintained/4.4-5/source/openjdk-8_8u252-b09-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/openjdk-8_8u265-b01-0+deb9u1.dsc 
@@ -1,6 +1,74 @@ -8u252-b09-1~deb9u1 [Fri, 24 Apr 2020 13:11:49 +0000] Moritz Muehlenhoff <jmm@debian.org>: - - * Rebuild for stretch-security +8u265-b01-0+deb9u1 [Wed, 12 Aug 2020 10:17:29 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS Team. + * Merge changes from 8u265-b01-0ubuntu2. + +8u265-b01-0ubuntu2 [Sat, 01 Aug 2020 21:41:17 +0000] Tiago Stürmer Daitx <tiago.daitx@ubuntu.com>: + + * Improve build times and autopkgtest runs by ignoring time + consuming tests when running on zerovm and armhf systems. + - debian/tests/hotspot: exclude slow hotspot tests for + zerovm hotspot or armhf machines. + - debian/tests/hotspot-problem-list-slow.txt: define a list + of long running hotspot tests. + - debian/tests/jdk-problem-list.txt: add a list of long + running jdk tests for linux-arm (armhf) systems. + - debian/tests/jtreg-autopkgtest.in: reduce retries from + 3 to 2 in order to save time. + - debian/tests/jtreg-autopkgtest.sh: regenerated. + +8u265-b01-0ubuntu1 [Sat, 01 Aug 2020 17:50:43 +0000] Tiago Stürmer Daitx <tiago.daitx@ubuntu.com>: + + * Update to 8u265-b01 (GA). + * Bug fixes: + - JDK-8249677: Regression in 8u after JDK-8237117: Better + ForkJoinPool behavior. + - JDK-8250546: Expect changed behaviour reported in JDK-8249846. + +8u262-b10-0ubuntu2 [Thu, 22 Jul 2020 20:53:08 +0000] Tiago Stürmer Daitx <tiago.daitx@ubuntu.com>: + + * d/p/jdk-8249677.patch: fix regression introduced by JDK-8237117. + +8u262-b10-0ubuntu1 [Wed, 24 Jun 2020 21:29:14 +0000] Tiago Stürmer Daitx <tiago.daitx@ubuntu.com>: + + * Update to 8u262-b10 (GA). Update aarch32 to 8u262-b09 (no + hotspot changes between b09 and b10). 
+ * Security fixes: + - JDK-8028431, CVE-2020-14579: NullPointerException in + DerValue.equals(DerValue) + - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in + sun.security.util.DerInputStream.getUnalignedBitString() + - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + - JDK-8237592, CVE-2020-14577: Enhance certificate verification + - JDK-8238002, CVE-2020-14581: Better matrix operations + - JDK-8238920, CVE-2020-14583: Better Buffer support + - JDK-8240119, CVE-2020-14593: Less Affine Transformations + - JDK-8242136, CVE-2020-14621: Better XML namespace handling + - JDK-8230613: Better ASCII conversions + - JDK-8231800: Better listing of arrays + - JDK-8232014: Expand DTD support + - JDK-8233255: Better Swing Buttons + - JDK-8234032: Improve basic calendar services + - JDK-8234042: Better factory production of certificates + - JDK-8234418: Better parsing with CertificateFactory + - JDK-8234836: Improve serialization handling + - JDK-8236191: Enhance OID processing + - JDK-8238804: Enhance key handling process + - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + - JDK-8238843: Enhanced font handing + - JDK-8238925: Enhance WAV file playback + - JDK-8240482: Improved WAV file playback + - JDK-8241379: Update JCEKS support + - JDK-8241522: Manifest improved jar headers redux + * debian/patches/zero-x32.diff: remove SocketImpl.c hunks which + have been applied upstream. + * debian/patches/default-jvm-cfg-default.diff: fixed fuzz. + * debian/patches/pass-extra-flags.diff: fixed fuzz. + * debian/patches/system-lcms.diff: fixed fuzz. + +8u252-b09-1ubuntu1 [Thu, 16 Apr 2020 10:47:49 +0200] Matthias Klose <doko@ubuntu.com>: + + * Build without atk-wrapper on i386 in focal. 8u252-b09-1 [Wed, 15 Apr 2020 15:38:21 +0200] Matthias Klose <doko@ubuntu.com>: <http://10.200.17.11/4.4-5/#8297406519518599954>
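Review bot: the "Security fixes" list in the 8u262-b10-0ubuntu1 entry files CVE-2020-14579 under JDK-8028431 and CVE-2020-14578 under JDK-8028591, while the erratum text on this bug gives 8237736 and 8237731 for the same two CVEs; the other six CVE-to-bug pairs agree. Anyone cross-checking the erratum against this changelog should match on the CVE id rather than the JDK bug number, or the erratum should carry both numbers. The erratum text also leaves out JDK-8249677, which the 8u265-b01-0ubuntu1 entry records as a regression from the JDK-8237117 (CVE-2020-14556) fix, and that is worth one line for administrators who already tested 8u262. Minor: the 8u262-b10-0ubuntu2 entry is dated "Thu, 22 Jul 2020", but 22 July 2020 was a Wednesday.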
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] 274ebf9d37 Bug #51825: openjdk-8 8u265-b01-0+deb9u1
 doc/errata/staging/openjdk-8.yaml | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

[4.4-5] 5d857939ea Bug #51825: openjdk-8 8u265-b01-0+deb9u1
 doc/errata/staging/openjdk-8.yaml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x717>