Univention Bugzilla – Bug 49585
openjdk-8: Multiple issues (4.3)
Last modified: 2019-06-05 16:23:04 CEST
New Debian openjdk-8 8u212-b03-2~deb9u1 fixes: This update addresses the following issues: * Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) * Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)
--- mirror/ftp/4.3/unmaintained/4.3-4/source/openjdk-8_8u212-b01-1~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/openjdk-8_8u212-b03-2~deb9u1.dsc @@ -1,6 +1,48 @@ -8u212-b01-1~deb9u1 [Tue, 19 Mar 2019 00:06:47 +0100] Moritz Muehlenhoff <jmm@debian.org>: - - * Rebuild for stretch +8u212-b03-2~deb9u1 [Tue, 28 May 2019 19:55:21 +0000] Moritz Muehlenhoff <jmm@debian.org>: + + * Rebuild for stretch-security + +8u212-b03-2 [Tue, 28 May 2019 10:14:27 +0200] Matthias Klose <doko@ubuntu.com>: + + * Don't apply the 8221355 fix for ARM builds. + * Don't configure --with-vendor-name on stable releases. + * Fix the jpeg runtime dependency for the build in unstable. + +8u212-b03-1 [Mon, 29 Apr 2019 14:51:40 +0200] Matthias Klose <doko@ubuntu.com>: + + [ Matthias Klose ] + * Configure --with-vendor-name. + * 8221355: Fix performance regression after JDK-8155635 backport into 8u. + + [ Tiago Stürmer Daitx ] + * Update to 8u212-b03. LP: #1826001. + * Security fixes: + - S8211936, CVE-2019-2602: Better String parsing. + - S8218453, CVE-2019-2684: More dynamic RMI interactions. + - S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID(). + * Revert to GTK2 as default since GTK3 still has padding and component + issues: + - debian/rules: always Build-Depends on libgtk2.0-dev and Depends on + libgtk2.0-0 instead of relying on gtk3 for some releases. + * debian/control: add missing dependency on testng (required by the + testsuites). + + [ Andrej Shadura ] + * debian/rules: check for nodoc instead of nodocs in DEB_BUILD_OPTIONS. + Closes: 922757. + + [ Matthias Klose ] + * debian/rules, debian/tests/jtdiff-autopkgtest.sh, + debian/tests/jtreg-autopkgtest.in, debian/tests/jtreg-autopkgtest.sh: + only set the JDK under test and allow jtreg to use its default JDK + for running the tests. + + [ Thorsten Glaser ] + * Improve compatibility with older releases. Closes: #925407. + - debian/rules: determine source date using backwards-compatible + dpkg-parsechangelog call. + - debian/control.in: put @bd_cross@ onto same line as @bd_nss@ as + it can be empty. 8u212-b01-1 [Tue, 19 Mar 2019 08:26:02 +0100] Matthias Klose <doko@ubuntu.com>: <http://10.200.17.11/4.3-4/#62936824262529827>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-4] bf50ff520c Bug #49585: openjdk-8 8u212-b03-2~deb9u1 doc/errata/staging/openjdk-8.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
<http://errata.software-univention.de/ucs/4.3/524.html>