Univention Bugzilla – Bug 50927
openjdk-8: Multiple issues (4.3)
Last modified: 2020-03-11 13:57:36 CET
New Debian openjdk-8 8u242-b08-1~deb9u1 fixes:

This update addresses the following issues:
* Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)
* Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)
* Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)
* Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
* Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)
* Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)
* Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)
--- mirror/ftp/4.3/unmaintained/component/4.3-5-errata/source/openjdk-8_8u232-b09-1~deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-5/source/openjdk-8_8u242-b08-1~deb9u1.dsc 
@@ -1,10 +1,83 @@ -8u232-b09-1~deb9u1 [Sat, 19 Oct 2019 17:00:54 +0200] Moritz Muehlenhoff <jmm@debian.org>: +8u242-b08-1~deb9u1 [Mon, 10 Feb 2020 12:38:09 +0000] Moritz Muehlenhoff <jmm@debian.org>: * Rebuild for stretch-security +8u242-b08-1 [Thu, 06 Feb 2020 19:12:24 +0100] Thorsten Glaser <tg@mirbsd.de>: + + * Team upload. + * Merge changes from 8u242-b08-0ubuntu3 back into Debian + * Fix nocheck profile (no profile support) for wheezy + * Version !nocheck default-jre-headless build dependency + to ensure at least Java 8 there as well; avoids needing to + install two JREs when building in pre-{stretch,xenial} + * Update aarch64 to GA jdk8u242-b08, aarch32 to jdk8u242-ga + * Bump Policy + +8u242-b08-0ubuntu3 [Fri, 17 Jan 2020 17:37:33 +0000] Tiago Stürmer Daitx <tiago.daitx@ubuntu.com>: + + * Sync packages with 8u242-b08: + * OpenJDK 8u242-b08 build (release). + - S8226352, CVE-2020-2590: Improve Kerberos interop capabilities + - S8228548, CVE-2020-2593: Normalize normalization for all + - S8224909, CVE-2020-2583: Unlink Set of LinkedHashSets + - S8229951, CVE-2020-2601: Better Ticket Granting Services + - S8231422, CVE-2020-2604: Better serial filter handling + - S8231795, CVE-2020-2659: Enhance datagram socket support + - S8234037, CVE-2020-2654: Improve Object Identifier Processing + - S8037550: Update RFC references in javadoc to RFC 5280 + - S8039438: Some tests depend on internal API sun.misc.IOUtils + - S8044500: Add kinit options and krb5.conf flags that allow users + to obtain renewable tickets and specify ticket lifetimes + - S8058290: JAAS Krb5LoginModule has suspect ticket-renewal logic, + relies on clockskew grace + - S8080835: Add blocking bulk read to sun.misc.IOUtils + - S8138978: Examine usages of sun.misc.IOUtils + - S8139206: Add InputStream readNBytes(int len) + - S8183591: Incorrect behavior when reading DER value with + Integer.MAX_VALUE length + - S8186576: KerberosTicket does not properly handle renewable + tickets at the end of their 
lifetime + - S8186831: Kerberos ignores PA-DATA with a non-null s2kparams + - S8186884: Test native KDC, Java krb5 lib, and native krb5 lib in + one test + - S8193832: Performance of InputStream.readAllBytes() could be improved + - S8196956: (ch) More channels cleanup + - S8201627: Kerberos sequence number issues + - S8215032: Support Kerberos cross-realm referrals (RFC 6806) + - S8225261: Better method resolutions + - S8225279: Better XRender interpolation + - S8226719: Kerberos login to Windows 2000 failed with "Inappropriate + type of checksum in message" + - S8227061: KDC.java test behaves incorrectly when AS-REQ contains a + PAData not PA-ENC-TS-ENC + - S8227381: GSS login fails with PREAUTH_FAILED + - S8227437: S4U2proxy cannot continue because server's TGT cannot be found + - S8227758: More valid PKIX processing + - S8227816: More Colorful ICC profiles + - S8230279: Improve Pack200 file reading + - S8230318: Better trust store usage + - S8230967: Improve Registry support of clients + - S8231129: More glyph images + - S8231139: Improved keystore support + - S8232381: add result NULL-checking to freetypeScaler.c + - S8232419: Improve Registry registration + - S8233944: Make KerberosPrincipal.KRB_NT_ENTERPRISE field package private + - S8235909: File.exists throws AccessControlException for invalid + paths when a SecurityManager is installed + - S8236983: [TESTBUG] Remove pointless catch block in + test/jdk/sun/security/util/DerValue/BadValue.java + - S8236984: Add compatibility wrapper for IOUtils.readFully + * Use the hotspot arch list to select between hotspot and zero as + the default VM for autopkgtests. This fixes s390x (zero based) + autopkgtest support. + +8u242-b04-1 [Mon, 06 Jan 2020 20:59:40 +0100] Matthias Klose <doko@ubuntu.com>: + + * Update to 8u242-b04 (early access build). + 8u232-b09-1 [Thu, 17 Oct 2019 22:41:19 +0200] Matthias Klose <doko@ubuntu.com>: - * Update to 8u222-b09 (release build). + * Update to OpenJDK 8u232-b09 (GA). 
Updated aarch32 to 8u232-b09. * Security fixes: - S8167646: Better invalid FilePermission. - S8213429, CVE-2019-2933: Windows file handling redux. @@ -156,7 +229,7 @@ * Update to 8u222-b04. * Update ARM32 to jdk8u212-b04-aarch32-190430. - * Fix 32bit zero builds. + * Fix 32bit zero builds. 8u212-b03-3 [Tue, 28 May 2019 14:10:32 +0200] Matthias Klose <doko@ubuntu.com>: @@ -301,7 +374,7 @@ - S8201756: Improve cipher inputs. - S8203654: Improve cypher state updates. - S8204497: Better formatting of decimals. - * debian/patches/jdk-freetypeScaler-crash.diff: removed as this patch causes + * debian/patches/jdk-freetypeScaler-crash.diff: removed as this patch causes a memory leak; upstream fixed it in openjdk-7, albeit in a different way. Closes: #910672. @@ -1015,7 +1088,7 @@ LP: #1448548. * Define _alpha_ / _sh_ preprocessor macros instead of alpha / sh. * Fix jdk gensrc build on x32. - * Re-enable the atk bridge for releases with a fixed atk bridge. + * Re-enable the atk bridge for releases with a fixed atk bridge. * Really apply the 32bit detection patch. Closes: #787072. * Make derivatives builds the same as the parent distro. Closes: #797665. * Add m68k support for Zero (Andreas Schwab). @@ -2015,7 +2088,7 @@ - debian/patches/gcc-4.7.diff [ James Page ] - * Cherry picked patch from openjdk-6 to fix handling of + * Cherry picked patch from openjdk-6 to fix handling of ICC profiles (LP: #888123, #888129) (Closes: #676351). [ Damien Raude-Morvan ] @@ -2084,7 +2157,7 @@ [ Matthias Klose ] * Use NanumMyeongjo as the preferred korean font. LP: #792471. - * Fix crash in java.net.NetworkInterface.getNetworkInterfaces() when + * Fix crash in java.net.NetworkInterface.getNetworkInterfaces() when ifr_ifindex exceeds 255. LP: #925218. S7078386. * Use IPAfont as the preferred japanesse font. Closes: #646054. * Build using gcj on alpha and armel. Closes: #655750. <http://10.200.17.11/4.3-5/#3039974318415585952>
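Review bot: In the first hunk (@@ -1,10 +1,83 @@), the 8u242-b08-0ubuntu3 entry brings in more than the seven CVE-tagged fixes named in the bug description: it also changes Kerberos behaviour (S8215032 cross-realm referrals, S8044500 new kinit options and krb5.conf flags, S8201627 sequence number issues) and touches PKIX, trust store and keystore handling (S8227758, S8230318, S8231139). The seven CVE ids in the changelog match the description one to one, so nothing is missing there, but I would add a sentence to the erratum text saying that the update includes further non-CVE changes in these areas, and run a Kerberos/GSSAPI login test against the new package before release.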
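Review bot: The hunks from @@ -156,7 +229,7 @@ through @@ -2084,7 +2157,7 @@ each replace one line of an old changelog entry with visibly identical text (for example "* Fix 32bit zero builds."), so they appear to be whitespace-only changes. They carry no functional content; please confirm they come unchanged from the imported Debian changelog rather than from a local edit, so that the review can concentrate on the first hunk.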
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-5] 48f727be32 Bug #50927: openjdk-8 8u242-b08-1~deb9u1
 doc/errata/staging/openjdk-8.yaml | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

[4.3-5] 7ac285ba68 Bug #50927: openjdk-8 8u242-b08-1~deb9u1
 doc/errata/staging/openjdk-8.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
<http://errata.software-univention.de/ucs/4.3/646.html>