Univention Bugzilla – Full Text Bug Listing |
Summary: | openjdk-8: Multiple issues (4.4) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Erik Damrose <damrose> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.4 | ||
Target Milestone: | UCS 4.4-4-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) |
Description
Quality Assurance
2020-05-04 08:51:29 CEST
--- mirror/ftp/4.4/unmaintained/4.4-4/source/openjdk-8_8u242-b08-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-4/source/openjdk-8_8u252-b09-1~deb9u1.dsc @@ -1,10 +1,96 @@ -8u242-b08-1~deb9u1 [Mon, 10 Feb 2020 12:38:09 +0000] Moritz Muehlenhoff <jmm@debian.org>: +8u252-b09-1~deb9u1 [Fri, 24 Apr 2020 13:11:49 +0000] Moritz Muehlenhoff <jmm@debian.org>: * Rebuild for stretch-security +8u252-b09-1 [Wed, 15 Apr 2020 15:38:21 +0200] Matthias Klose <doko@ubuntu.com>: + + * Update to OpenJDK 8u252-b09 (GA). Updated aarch32 to 8u252-b08 (no + hotspot changes between b08 and b09). + * Security fixes + - JDK-8223898, CVE-2020-2754: Forward references to Nashorn + - JDK-8223904, CVE-2020-2755: Improve Nashorn matching + - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs + - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues + - JDK-8225603: Enhancement for big integers + - JDK-8227542: Manifest improved jar headers + - JDK-8231415, CVE-2020-2773: Better signatures in XML + - JDK-8233250: Better X11 rendering + - JDK-8233410: Better Build Scripting + - JDK-8234027: Better JCEKS key support + - JDK-8234408, CVE-2020-2781: Improve TLS session handling + - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers + - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers + - JDK-8235274, CVE-2020-2805: Enhance typing of methods + - JDK-8236201, CVE-2020-2830: Better Scanner conversions + - JDK-8238960: linux-i586 builds are inconsistent as the newly build + jdk is not able to reserve enough space for object heap + * Other changes + - JDK-8005819: Support cross-realm MSSFU + - JDK-8022263: use same Clang warnings on BSD as on Linux + - JDK-8038631: Create wrapper for awt.Robot with additional functionality + - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex + assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor + is invalid + - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and + some unit tests + - JDK-8068184: Fix for JDK-8032832 caused a deadlock + - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature + - JDK-8132130: some docs cleanup + - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit + - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods + is not optimal + - JDK-8144446: Automate the Marlin crash test + - JDK-8144526: Remove Marlin logging use of deleted internal API + - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats + - JDK-8144654: Improve Marlin logging + - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with + huge coordinates and round joins + - JDK-8166976: TestCipherPBECons has wrong @run line + - JDK-8167409: Invalid value passed to critical JNI function + - JDK-8181872: C1: possible overflow when strength reducing integer multiply + by constant + - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT + - JDK-8191227: issues with unsafe handle resolution + - JDK-8197441: Signature#initSign/initVerify for an invalid + private/public key fails with ClassCastException for SunPKCS11 provider + - JDK-8204152: SignedObject throws NullPointerException for null keys with + an initialized Signature object + - JDK-8215756: Memory leaks in the AWT on macOS + - JDK-8216472: (se) Stack overflow during selection operation leads to crash + - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from + mtInternal to mtThread + - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected + exceptions + - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts + test + - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test + - JDK-8229022: BufferedReader performance can be improved by using + StringBuilder + - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC + - JDK-8229872: (fs) Increase buffer size used with getmntent + - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey + cause Exception + - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type + - JDK-8235744: PIT: + test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in + linux-x64 + - JDK-8235904: Infinite loop when rendering huge lines + - JDK-8236179: C1 register allocation error with T_ADDRESS + - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read + - JDK-8240521: Revert backport of 8231584: Deadlock with + ClassLoader.findLibrary and System.loadLibrary call + - JDK-8241296: Segfault in JNIHandleBlock::oops_do() + - JDK-8241307: Marlin renderer should not be the default in 8u252 + * Build using GCC 9 in unstable. Closes: #944184. + +8u252-b07-1 [Thu, 26 Mar 2020 12:57:56 +0100] Matthias Klose <doko@ubuntu.com>: + + * Update to 8u252-b07 (early access build). + * Update ARM32 and AArch64 hotspot to 8u252-b06. + * Build using GCC 9 in recent releases. + 8u242-b08-1 [Thu, 06 Feb 2020 19:12:24 +0100] Thorsten Glaser <tg@mirbsd.de>: - * Team upload. * Merge changes from 8u242-b08-0ubuntu3 back into Debian * Fix nocheck profile (no profile support) for wheezy * Version !nocheck default-jre-headless build dependency @@ -15,7 +101,6 @@ 8u242-b08-0ubuntu3 [Fri, 17 Jan 2020 17:37:33 +0000] Tiago Stürmer Daitx <tiago.daitx@ubuntu.com>: - * Sync packages with 8u242-b08: * OpenJDK 8u242-b08 build (release). - S8226352, CVE-2020-2590: Improve Kerberos interop capabilities - S8228548, CVE-2020-2593: Normalize normalization for all <http://10.200.17.11/4.4-4/#884597326658765954> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-4] b972d00fb6 Bug #51206: openjdk-8 8u252-b09-1~deb9u1 doc/errata/staging/openjdk-8.yaml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) |