[ubuntu/oracular-proposed] openjdk-lts 11.0.24+8-1ubuntu3 (Accepted)

Vladimir Petko vladimir.petko at canonical.com
Sun Jul 21 20:48:29 UTC 2024 

openjdk-lts (11.0.24+8-1ubuntu3) oracular; urgency=medium

  * OpenJDK 11.0.24 release, build 8. Release notes:
    https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-July/035797.html
    - CVEs
      + CVE-2024-21147: 8323231, RangeCheckElimination array index overflow.
      + CVE-2024-21145: 8324559, Out-of-bounds access in 2D image handling.
      + CVE-2024-21140: 8320548, Range Check Elimination (RCE) pre-loop limit
        overflow.
      + CVE-2024-21144: 8322106, Pack200 increase loading time due to improper
        header validation.
      + CVE-2024-21131: 8314794, potential UTF8 size overflow.
      + CVE-2024-21138: 8319859, Excessive symbol length can lead to infinite loop.
    - Security fixes
      + JDK-8303466: C2: failed: malformed control flow.
        Limit type made precise with MaxL/MinL.
      + JDK-8314794: Improve UTF8 String supports.
      + JDK-8319859: Better symbol storage.
      + JDK-8320097: Improve Image transformations.
      + JDK-8320548: Improved loop handling.
      + JDK-8322106: Enhance Pack 200 loading.
      + JDK-8323231: Improve array management.
      + JDK-8323390: Enhance mask blit functionality.
      + JDK-8324559: Improve 2D image handling.
      + JDK-8325600: Better symbol storage.
      + JDK-8327413: Enhance compilation efficiency.
  * No-Change upload to include OpenJDK bugs related to CVEs.

openjdk-lts (11.0.24+8-1ubuntu2) oracular; urgency=medium

  * OpenJDK 11.0.24 release, build 8. Release notes:
    https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-July/035797.html
    + CVEs
      - CVE-2024-21147
      - CVE-2024-21145
      - CVE-2024-21140
      - CVE-2024-21144
      - CVE-2024-21131
      - CVE-2024-21138
    + Security fixes
      - JDK-8303466: C2: failed: malformed control flow.
        Limit type made precise with MaxL/MinL.
      - JDK-8314794: Improve UTF8 String supports.
      - JDK-8319859: Better symbol storage.
      - JDK-8320097: Improve Image transformations.
      - JDK-8320548: Improved loop handling.
      - JDK-8322106: Enhance Pack 200 loading.
      - JDK-8323231: Improve array management.
      - JDK-8323390: Enhance mask blit functionality.
      - JDK-8324559: Improve 2D image handling.
      - JDK-8325600: Better symbol storage.
      - JDK-8327413: Enhance compilation efficiency.
  * No-Change upload to include upstream release notes.

Date: Mon, 22 Jul 2024 08:41:26 +1200
Changed-By: Vladimir Petko <vladimir.petko at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.24+8-1ubuntu3
-------------- next part --------------
Format: 1.8
Date: Mon, 22 Jul 2024 08:41:26 +1200
Source: openjdk-lts
Built-For-Profiles: noudeb
Architecture: source
Version: 11.0.24+8-1ubuntu3
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Vladimir Petko <vladimir.petko at canonical.com>
Changes:
 openjdk-lts (11.0.24+8-1ubuntu3) oracular; urgency=medium
 .
   * OpenJDK 11.0.24 release, build 8. Release notes:
     https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-July/035797.html
     - CVEs
       + CVE-2024-21147: 8323231, RangeCheckElimination array index overflow.
       + CVE-2024-21145: 8324559, Out-of-bounds access in 2D image handling.
       + CVE-2024-21140: 8320548, Range Check Elimination (RCE) pre-loop limit
         overflow.
       + CVE-2024-21144: 8322106, Pack200 increase loading time due to improper
         header validation.
       + CVE-2024-21131: 8314794, potential UTF8 size overflow.
       + CVE-2024-21138: 8319859, Excessive symbol length can lead to infinite loop.
     - Security fixes
       + JDK-8303466: C2: failed: malformed control flow.
         Limit type made precise with MaxL/MinL.
       + JDK-8314794: Improve UTF8 String supports.
       + JDK-8319859: Better symbol storage.
       + JDK-8320097: Improve Image transformations.
       + JDK-8320548: Improved loop handling.
       + JDK-8322106: Enhance Pack 200 loading.
       + JDK-8323231: Improve array management.
       + JDK-8323390: Enhance mask blit functionality.
       + JDK-8324559: Improve 2D image handling.
       + JDK-8325600: Better symbol storage.
       + JDK-8327413: Enhance compilation efficiency.
   * No-Change upload to include OpenJDK bugs related to CVEs.
 .
 openjdk-lts (11.0.24+8-1ubuntu2) oracular; urgency=medium
 .
   * OpenJDK 11.0.24 release, build 8. Release notes:
     https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-July/035797.html
     + CVEs
       - CVE-2024-21147
       - CVE-2024-21145
       - CVE-2024-21140
       - CVE-2024-21144
       - CVE-2024-21131
       - CVE-2024-21138
     + Security fixes
       - JDK-8303466: C2: failed: malformed control flow.
         Limit type made precise with MaxL/MinL.
       - JDK-8314794: Improve UTF8 String supports.
       - JDK-8319859: Better symbol storage.
       - JDK-8320097: Improve Image transformations.
       - JDK-8320548: Improved loop handling.
       - JDK-8322106: Enhance Pack 200 loading.
       - JDK-8323231: Improve array management.
       - JDK-8323390: Enhance mask blit functionality.
       - JDK-8324559: Improve 2D image handling.
       - JDK-8325600: Better symbol storage.
       - JDK-8327413: Enhance compilation efficiency.
   * No-Change upload to include upstream release notes.
Checksums-Sha1:
 b7092b9ba7b10d54d126f0d52c2d95d2e07f8d9b 4780 openjdk-lts_11.0.24+8-1ubuntu3.dsc
 41cfbd4c70d3c8e58987f06e98938df2a02bf2c8 175448 openjdk-lts_11.0.24+8-1ubuntu3.debian.tar.xz
 761516454359ef1c6b5116b209af2e54b0169d36 16039 openjdk-lts_11.0.24+8-1ubuntu3_source.buildinfo
Checksums-Sha256:
 6a39341b6b23427d52fe62d101f1bffde035beefb220cfc271005727dcb8fd10 4780 openjdk-lts_11.0.24+8-1ubuntu3.dsc
 3ba720cb172d84b90c3a81cd56a848821744339ec7ea6a695901fec6479125f8 175448 openjdk-lts_11.0.24+8-1ubuntu3.debian.tar.xz
 972823c3d1889f25c272e506851028fd75c7bc732a79c46e59414d64685dcffe 16039 openjdk-lts_11.0.24+8-1ubuntu3_source.buildinfo
Files:
 0ce277b1ee127d3b3622337d26c36e6d 4780 java optional openjdk-lts_11.0.24+8-1ubuntu3.dsc
 28d0252d9c8b5437334cce15deac69f0 175448 java optional openjdk-lts_11.0.24+8-1ubuntu3.debian.tar.xz
 1e61f88c1739e006d8e8b5f93b9e70aa 16039 java optional openjdk-lts_11.0.24+8-1ubuntu3_source.buildinfo
Original-Maintainer: OpenJDK Team <openjdk at lists.launchpad.net>
Vcs-Git: https://git.launchpad.net/~vpa1977/ubuntu/+source/openjdk-lts
Vcs-Git-Commit: bfd27aef8562bec40ab8edf76d669331977e4232
Vcs-Git-Ref: refs/heads/july-release

More information about the oracular-changes mailing list