Univention Bugzilla – Bug 54044
openjdk-8: Multiple issues (4.4)
Last modified: 2021-11-10 17:52:46 CET
New Debian openjdk-8 8u312-b07-1~deb9u1 fixes:

This update addresses the following issues:
* Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)
* Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)
* Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)
* Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)
* Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)
* Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)
* Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)
* Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)
* Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)
* Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071) (CVE-2021-35588)
* Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/openjdk-8_8u302-b08-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/openjdk-8_8u312-b07-1~deb9u1.dsc 
@@ -1,9 +1,49 @@ -8u302-b08-1~deb9u1 [Fri, 30 Jul 2021 03:00:20 +0200] Thorsten Glaser <tg@mirbsd.de>: - - * Non-maintainer upload by the LTS Team. - * Provide builds for wheezy, jessie, stretch, buster, bullseye +8u312-b07-1~deb9u1 [Sat, 06 Nov 2021 18:41:21 +0100] Thorsten Glaser <tg@mirbsd.de>: + * Disable tests (debian/README.source documents why they fail) + * Build for stretch LTS, jessie ELTS * Effort sponsored by ⮡ tarent + +8u312-b07-1 [Fri, 05 Nov 2021 23:57:58 +0000] Thorsten Glaser <tg@mirbsd.de>: + + * New upstream release (GA) + * Security fixes: + - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong + Throw ClassFormatError if InnerClasses attribute's + inner_class_info_index is 0 + - JDK-8161016: Strange behavior of URLConnection with proxy + - JDK-8163326, CVE-2021-35550: Update the default enabled cipher + suites preference + - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on + TLS session close + - JDK-8263314: Enhance XML Dsig modes + - JDK-8265167, CVE-2021-35556: Richer Text Editors + - JDK-8265574: Improve handling of sheets + - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit + - JDK-8265776: Improve Stream handling for SSL + - JDK-8266097, CVE-2021-35561: Better hashing support + - JDK-8266103: Better specified spec values + - JDK-8266109: More Resilient Classloading + - JDK-8266115: More Manifest Jar Loading + - JDK-8266137, CVE-2021-35564: Improve Keystore integrity + - JDK-8266689, CVE-2021-35567: More Constrained Delegation + - JDK-8267086: ArrayIndexOutOfBoundsException in + java.security.KeyFactory.generatePublic + - JDK-8267712: Better LDAP reference processing + - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking + - JDK-8267735, CVE-2021-35586: Better BMP support + - JDK-8268193: Improve requests of certificates + - JDK-8268199: Correct certificate requests + - JDK-8268506: More Manifest Digests + - JDK-8269618, CVE-2021-35603: Better session identification + - JDK-8269624: Enhance method 
selection support + - JDK-8270398: Enhance canonicalization + - JDK-8270404: Better canonicalization + * Other changes: see + https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-October/014373.html + * Policy 4.6.1, no relevant changes + * d/copyright: Apply changes since 8u302 + * Upload sponsored by ⮡ tarent 8u302-b08-1 [Thu, 29 Jul 2021 20:45:23 +0200] Thorsten Glaser <tg@mirbsd.de>: <http://piuparts.knut.univention.de/4.4-8/#3318167015083678665>
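Review bot: in the 8u312-b07-1~deb9u1 entry at the top of the hunk, "Disable tests (debian/README.source documents why they fail)" means this security update is built without its test suite, and the changelog line gives no hint which tests fail or whether the failures predate 8u312; a short summary in the entry itself would let a reader of the erratum judge that without unpacking the source. Separately, the 8u312-b07-1 entry lists CVE-2021-35588 under JDK-8130183 and CVE-2021-35550 under JDK-8163326, while the description of this bug gives 8268071 and 8264210 for the same CVEs; worth confirming that the erratum text and the changelog refer to the same fixes.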
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] 03f2eb45b6 Bug #54044: openjdk-8 8u312-b07-1~deb9u1
 doc/errata/staging/openjdk-8.yaml | 28 +++++++++++-----------------
 1 file changed, 11 insertions(+), 17 deletions(-)

[4.4-8] d5a78ef7f0 Bug #54044: openjdk-8 8u312-b07-1~deb9u1
 doc/errata/staging/openjdk-8.yaml | 41 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1088>