[ubuntu/focal-security] openjdk-17 17.0.10+7-1~20.04.1 (Accepted)
Evan Caville
evan.caville at canonical.com
Tue Feb 27 00:55:23 UTC 2024
openjdk-17 (17.0.10+7-1~20.04.1) focal-security; urgency=high
* OpenJDK 17.0.10 release, build 7.
- CVEs:
+ CVE-2024-20918
+ CVE-2024-20919
+ CVE-2024-20921
+ CVE-2024-20932
+ CVE-2024-20945
+ CVE-2024-20952
- Security fixes:
+ JDK-8276123, JDK-8316613: ZipFile::getEntry will not return a file entry
when there is a directory entry of the same name within a Zip File.
+ JDK-8308204: Enhanced certificate processing.
+ JDK-8314295: Enhance verification of verifier.
+ JDK-8314307: Improve loop handling.
+ JDK-8314468: Improve Compiler loops.
+ JDK-8316976: Improve signature handling.
+ JDK-8317547: Enhance TLS connection support.
[ Vladimir Petko ]
* d/t/jtreg-autopkgtest.sh: Regenerate test script.
* Generate d/watch to cope with early access and release builds.
* d/rules: Trim trailing whitespaces from debian/control.
[ Matthias Klose ]
* Build again zero on amd64 (accidental change in 6ea-1).
[ Pushkar Kulkarni ]
* Minor improvements to the copyright-generator.
[ Pushkar Kulkarni ]
* Upload to Ubuntu 20.04
* d/rules, d/control: relax jtreg version requirement for repacked orig tarballs
* d/rules, d/control: Use gcc-10 on focal to work around LP: #2044899
openjdk-17 (17.0.10~6ea-1) unstable; urgency=medium
* OpenJDK 17.0.10 early access, build 6.
[ Pushkar Kulkarni ]
* debian/copyright: Fix whitespace issues.
[ Vladimir Petko ]
* d/copyright: Fix lintian warning.
[ Matthias Klose ]
* d/copyright: Fix source location.
* Build-depend on jtreg7 instead of jtreg6.
* d/p/googletest-version.diff: Ignore the version check, keep 1.14.
* Refresh patches.
openjdk-17 (17.0.9+9-2) unstable; urgency=medium
[ Vladimir Petko ]
* d/t/write-problems: Add missing file to generate the problem list.
[ Pushkar Kulkarni ]
* debian/copyright: Update copyrights and notices, using a generator script.
openjdk-17 (17.0.9+9-1) unstable; urgency=high
* OpenJDK 17.0.9 release, build 9.
- CVE-2023-30589, CVE-2023-22081, CVE-2023-22091, CVE-2023-22025.
The patch for CVE-2023-30589 also addresses CVE-2023-30585,
CVE-2023-30588, and CVE-2023-30590.
- Release notes:
https://www.oracle.com/java/technologies/javase/17-0-9-relnotes.html#R17_0_9
[ Vladimir Petko ]
* Backport upstream fix for jexec: can't locate java:
No such file or directory. Closes: #1029342.
* d/rules, d/watch: Bundle googletest 1.14.
* d/copyright: Add googletest copyright.
* d/test: Update problemlist.
* d/p: exclude-broken-tests.patch.
* d/p/reproducible-properties-timestamp.diff: Use the privileged action
to read the system property (JDK-8272157, 914278).
Date: 2024-02-05 20:45:10.159086+00:00
Changed-By: Matthias Klose <doko at ubuntu.com>
Signed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.10+7-1~20.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list