Univention Bugzilla – Bug 48200
openjdk-7: Multiple issues (4.2)
Last modified: 2018-11-28 12:29:35 CET
New Debian openjdk-7 7u181-2.6.14-2~deb8u1A~4.2.5.201811260940 fixes: This update addresses the following issues: * insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) * Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180) * Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)
--- mirror/ftp/4.2/unmaintained/4.2-5/source/openjdk-7_7u181-2.6.14-1~deb8u1A~4.2.4.201808071712.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/openjdk-7_7u181-2.6.14-2~deb8u1A~4.2.5.201811260940.dsc @@ -1,11 +1,39 @@ -7u181-2.6.14-1~deb8u1A~4.2.4.201808071712 [Tue, 07 Aug 2018 17:12:34 +0200] Univention builddaemon <buildd@univention.de>: +7u181-2.6.14-2~deb8u1A~4.2.5.201811260940 [Mon, 26 Nov 2018 09:40:45 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 10_tzdata -7u181-2.6.14-1~deb8u1 [Fri, 08 Jun 2018 12:54:06 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: +7u181-2.6.14-2~deb8u1 [Tue, 20 Nov 2018 17:55:11 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Rebuild for jessie-security. + +7u181-2.6.14-2 [Thu, 11 Oct 2018 01:47:12 +0000] Tiago Stürmer Daitx <tiago.daitx@ubuntu.com>: + + * Apply 7u191-b01 and 7u201-b00 security patches. + * Security fixes: + - CVE-2018-3136, S8194534: Manifest better support. + - CVE-2018-3139, S8196902: Better HTTP redirection support. + - CVE-2018-3149, S8199177: Enhance JNDI lookups. + - CVE-2018-3169, S8199226: Improve field accesses. + - CVE-2018-3180, S8202613: Improve TLS connections stability. + - CVE-2018-2938, S8197871: Support Derby connections. + - CVE-2018-2952, S8199547: Exception to Pattern Syntax. + - S8191239: Improve desktop file usage. + - S8193419: Better Internet address support. + - S8197925: Better stack walking. + - S8200666: Improve LDAP support. + * debian/patches/hotspot-disable-exec-shield-workaround.patch: removed, + upstream fixed i386 stack guard support in S8197429 (hotspot's mercurial + commit 6636:d673ec579604). + * debian/patches/jdk-freetypeScaler-crash.diff: removed, it caused + a memory leak and has been fixed upstream already, albeit in a + different way. Closes: #910672. + * debian/patches/jdk-8132985-backport-double-free.patch, + debian/patches/jdk-8139803-backport-warning.patch: fix crash in + freetypescaler due to double free, thanks to Heikki Aitakangas for + the report and patches. (Closes: #911847) + * debian/rules: run only the hotspot testsuite for jamvm and zero + alternative vms to make build faster. 7u181-2.6.14-1 [Fri, 08 Jun 2018 12:23:38 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: <http://10.200.17.11/4.2-5/#8005107667074228322>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 55e6aad903 Bug #48200: openjdk-7 7u181-2.6.14-2~deb8u1A~4.2.5.201811260940 doc/errata/staging/openjdk-7.yaml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) [4.2-5] f0366e3146 Bug #48200: openjdk-7 7u181-2.6.14-2~deb8u1A~4.2.5.201811260940 doc/errata/staging/openjdk-7.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+)
<http://errata.software-univention.de/ucs/4.2/555.html>