[ubuntu/artful-security] openjdk-8 8u171-b11-0ubuntu0.17.10.1 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Fri May 11 00:49:55 UTC 2018

openjdk-8 (8u171-b11-0ubuntu0.17.10.1) artful-security; urgency=medium

  * Update to 8u171-b11. Hotspot 8u162-b12 for aarch32 with 8u171-b10 hotspot
    security fixes and 8u171-b10 for aarch64.
    - CVE-2018-2790,S8189969: Manifest better manifest entries.
    - CVE-2018-2795,S8189977: Improve permission portability.
    - CVE-2018-2796,S8189981: Improve queuing portability.
    - CVE-2018-2797,S8189985: Improve tabular data portability.
    - CVE-2018-2798,S8189989: Improve container portability.
    - CVE-2018-2799,S8189993: Improve document portability.
    - CVE-2018-2794,S8189997: Enhance keystore mechanisms.
    - CVE-2018-2814,S8192025: Less referential references.
    - CVE-2018-2815,S8192757: Improve stub classes implementation.
    - CVE-2018-2800,S8193833: Better RMI connection support.
    - S8169080: Improve documentation examples for crypto applications.
    - S8180881: Better packaging of deserialization.
    - S8182362: Update CipherOutputStream Usage.
    - S8189123: More consistent classloading.
    - S8190478: Improved interface method selection.
    - S8190877: Better handling of abstract classes.
    - S8191696: Better mouse positioning.
    - S8192030: Better MTSchema support.
    - S8193409: Improve AES supporting classes.
    - S8193414: Improvements in MethodType lookups.
  * d/p/aarch64-hotspot-8u162-b12.patch: removed, tarball has been updated to
  * d/p/hotspot-S8185723-zero-ppc32-atomic_copy64-fix.patch,
    d/p/hotspot-S8201509-zero-s390x-atomic_copy64-fix.patch: fix ppc32, s390x
    javac segmentation fault caused by wrong inline assembler.

openjdk-8 (8u162-b12-1) unstable; urgency=high

  [ Tiago Stürmer Daitx ]
  * Update to 8u162-b12. Hotspot 8u162-b12 for aarch32 and 8u161-b16
    for aarch64 (wth 8u162-b12 patches).
  * Security updates:
    - CVE-2018-2633,S8186606: Improve LDAP lookup robustness.
    - CVE-2018-2637,S8186998: Improve JMX supportive features.
    - CVE-2018-2634,S8186600: Improve property negotiations.
    - CVE-2018-2582,S8174962: Better interface invocations.
    - CVE-2018-2641,S8185325: Improve GTK initialization.
    - CVE-2018-2618,S8185292: Stricter key generation.
    - CVE-2018-2629,S8186212: Improve GSS handling.
    - CVE-2018-2603,S8182387: Improve PKCS usage.
    - CVE-2018-2599,S8182125: Improve reliability of DNS lookups.
    - CVE-2018-2602,S8182601: Improve usage messages.
    - CVE-2018-2588,S8178449: Improve LDAP logins.
    - CVE-2018-2678,S8191142: More refactoring for naming deserialization
    - CVE-2018-2677,S8190289: More refactoring for client deserialization
    - CVE-2018-2663,S8189284: More refactoring for deserialization cases.
    - CVE-2018-2579,S8172525: Improve key keying case.
  * d/p/aarch64-hotspot-8u162-b12.patch: update aarch64 hotspot to 8u162-b12.
  * d/p/icedtea-4953367.patch: removed, fixed upstream by "S8136570: Stop
    changing user environment variables related to /usr/dt".
  * d/p/gcc6.diff: removed, fixed upstream.
  * d/p/jdk-getAccessibleValue.diff: updated, removed chunks fixed upstream
    by "S8076249: NPE in AccessBridge while editing JList model" and
    "S8145207: [macosx] JList, VO can't access non-visible list items".
  * d/p/openjdk-ppc64el-S8170153.patch, d/p/8164293.diff,
    d/p/hotspot-ppc64el-S8181810-leverage-extrdi.patch: removed,
    applied upstream.
  * d/rules, d/control: depend on GKT3 instead of GTK2 for newer releases.
    LP: #1735482.
  * d/rules: wait 10 seconds before issuing SIGKILL to buildwatch.
  * d/buildwatch.sh: find hs_err files and cat them to help debugging build
  * S8173853: IllegalArgumentException in java.awt.image.ReplicateScaleFilter.
    LP: #8173853.

  [ Matthias Klose ]
  * Disable Hotspot workaround for Exec Shield (Debian only).
    Closes: #876051.
  * Fix some lintian warnings.

Date: 2018-04-27 02:15:12.302636+00:00
Changed-By: Tiago Stürmer Daitx <tiago.daitx at canonical.com>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Artful-changes mailing list