[ubuntu/impish-security] openjdk-lts 11.0.14+9-0ubuntu2~22.10 (Accepted)
Eduardo Barretto
eduardo.barretto at canonical.com
Mon Mar 7 11:22:01 UTC 2022
openjdk-lts (11.0.14+9-0ubuntu2~22.10) impish-security; urgency=medium
* Backport the security update to 22.10.
openjdk-lts (11.0.14+9-0ubuntu2) jammy; urgency=medium
* OpenJDK 11.0.14+9 build (release).
* Security fixes
- JDK-8217375: jarsigner breaks old signature with long lines in manifest.
- JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir
named "." inside.
- JDK-8264934, CVE-2022-21248: Enhance cross VM serialization.
- JDK-8268488: More valuable DerValues.
- JDK-8268494: Better inlining of inlined interfaces.
- JDK-8268512: More content for ContentInfo.
- JDK-8268795: Enhance digests of Jar files.
- JDK-8268801: Improve PKCS attribute handling.
- JDK-8268813, CVE-2022-21283: Better String matching.
- JDK-8269151: Better construction of EncryptedPrivateKeyInfo.
- JDK-8269944: Better HTTP transport redux.
- JDK-8270386, CVE-2022-21291: Better verification of scan methods.
- JDK-8270392, CVE-2022-21293: Improve String constructions.
- JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps.
- JDK-8270492, CVE-2022-21282: Better resolution of URIs.
- JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management.
- JDK-8270646, CVE-2022-21299: Improved scanning of XML entities.
- JDK-8270952, CVE-2022-21277: Improve TIFF file handling.
- JDK-8271962: Better TrueType font loading.
- JDK-8271968: Better canonical naming.
- JDK-8271987: Manifest improved manifest entries.
- JDK-8272014, CVE-2022-21305: Better array indexing.
- JDK-8272026, CVE-2022-21340: Verify Jar Verification.
- JDK-8272236, CVE-2022-21341: Improve serial forms for transport.
- JDK-8272272: Enhance jcmd communication.
- JDK-8272462: Enhance image handling.
- JDK-8273290: Enhance sound handling.
- JDK-8273756, CVE-2022-21360: Enhance BMP image support.
- JDK-8273838, CVE-2022-21365: Enhanced BMP processing.
- JDK-8274096, CVE-2022-21366: Improve decoding of image files.
- JDK-8279541: Improve HarfBuzz.
openjdk-lts (11.0.13+8-0ubuntu1) jammy; urgency=medium
* OpenJDK 11.0.13+8 build (release).
* Security fixes
- JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites
preference.
- JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS
session close.
- JDK-8263314: Enhance XML Dsig modes.
- JDK-8265167, CVE-2021-35556: Richer Text Editors.
- JDK-8265574: Improve handling of sheets.
- JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit.
- JDK-8265776: Improve Stream handling for SSL.
- JDK-8266097, CVE-2021-35561: Better hashing support.
- JDK-8266103: Better specified spec values.
- JDK-8266109: More Resilient Classloading.
- JDK-8266115: More Manifest Jar Loading.
- JDK-8266137, CVE-2021-35564: Improve Keystore integrity.
- JDK-8266689, CVE-2021-35567: More Constrained Delegation.
- JDK-8267086: ArrayIndexOutOfBoundsException in
java.security.KeyFactory.generatePublic.
- JDK-8267712: Better LDAP reference processing.
- JDK-8267729, CVE-2021-35578: Improve TLS client handshaking.
- JDK-8267735, CVE-2021-35586: Better BMP support.
- JDK-8268193: Improve requests of certificates.
- JDK-8268199: Correct certificate requests.
- JDK-8268205: Enhance DTLS client handshake.
- JDK-8268506: More Manifest Digests.
- JDK-8269618, CVE-2021-35603: Better session identification.
- JDK-8269624: Enhance method selection support.
- JDK-8270398: Enhance canonicalization.
- JDK-8270404: Better canonicalization.
* Sync packages with 11.0.13+8-1:
- Remove patches applied upstream.
Date: 2022-01-25 14:10:10.488157+00:00
Changed-By: Matthias Klose <doko at ubuntu.com>
Signed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.14+9-0ubuntu2~22.10
-------------- next part --------------
Sorry, changesfile not available.
More information about the impish-changes
mailing list