[ubuntu/xenial-security] openjdk-8 8u131-b11-0ubuntu1.16.04.2 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu May 11 14:35:39 UTC 2017


openjdk-8 (8u131-b11-0ubuntu1.16.04.2) xenial-security; urgency=medium

  * Re-enable jamvm.

openjdk-8 (8u131-b11-0ubuntu1.16.04.1) xenial-security; urgency=medium

  * Backport to 16.04.

openjdk-8 (8u131-b11-0ubuntu1.17.04.1) zesty-security; urgency=medium

  * Update to 8u131-b11, Hotspot 8u112-b12 for AArch64.
  * Security fixes:
    - S8167110, CVE-2017-3514: Windows peering issue.
    - S8165626, CVE-2017-3512: Improved window framing.
    - S8163528, CVE-2017-3511: Better library loading.
    - S8169011, CVE-2017-3526: Resizing XML parse trees.
    - S8163520, CVE-2017-3509: Reuse cache entries.
    - S8171533, CVE-2017-3544: Better email transfer.
    - S8170222, CVE-2017-3533: Better transfers of files.
    - S8171121, CVE-2017-3539: Enhancing jar checking.
  * d/p/jdk-ppc64el-S8165231.diff: fixes java.nio.Bits.unaligned() on 
    ppc64el. LP: #1677612.
  * debian/buildwatch.sh: updated to stop it if no 'make' process is running,
    as it probably means that the build failed - otherwise buildwatch keeps
    the builder alive until it exits after the timer (3 hours by default)
    expires.

openjdk-8 (8u121-b13-4.1) unstable; urgency=medium

  * Non-maintainer upload.
  * openjdk-8-jre-headless: Add Breaks: tzdata-java to ensure openjdk gets
    upgraded on dist-upgrades from jessie.  (Closes: #857992)

openjdk-8 (8u121-b13-4) unstable; urgency=medium

  * Drop Recommends on obsolete GNOME libraries so they are not in a
    default GNOME desktop installation (Simon McVittie). Closes: #850268.
    - sun.net.spi.DefaultProxySelector prefers libglib2.0-0 (>= 2.24)
      over obsolete libgconf2-4.
    - sun.nio.fs.GnomeFileTypeDetector prefers libglib2.0-0 (>= 2.24)
      over libgnomevfs-2-0.
    - sun.xawt.awt_Desktop prefers libgtk2.0-0 (>= 2.14) over
      libgnomevfs2-0.
  * See the bug report for an analysis of why this can be done for releases
    back to Debian wheezy (7.0) and Ubuntu precise (12.04 LTS).

openjdk-8 (8u121-b13-3) unstable; urgency=medium

  * Really don't build the JamVM VM.
  * Fix 8164293: HotSpot leaking memory in long-running requests.
    Closes: #853758.
  * Add OpenJDK Stack Unwinder and Frame Decorator for gdb.

openjdk-8 (8u121-b13-2) unstable; urgency=medium

  * Fix libjpeg dependency. Closes: #852378.

openjdk-8 (8u121-b13-1) unstable; urgency=high

  * Update to 8u121-b13, Hotspot 8u112-b16 for AArch64.

  [ Matthias Klose ]
  * Build using the default flags (POWER8) on ppc64el.
  * Add a breaks for ca-certificates-java (<< 20160321~). Closes: #851667.
  * Stop building JamVM for the stretch release, the VM is not working
    with recent OpenJDK 8 updates. Closes: #841229, #842132.
  * Fix location of jspawnhelper for KFreeBSD. Closes: #851053.

  [ Tiago Stürmer Daitx ]
  * debian/rules: add -O3 to DEB_CFLAGS_MAINT_STRIP and
    DEB_CXXFLAGS_MAINT_STRIP for dpkg_buildflags_jdk and
    dpkg_buildflags_hs as ppc64le has -O3 by default. LP: #1640845.
  * Update to 8u121-b13, including security fixes.
    - S8165344, CVE-2017-3272: A protected field can be leveraged into type
      confusion.
    - S8167104, CVE-2017-3289: Custom class constructor code can bypass the
      required call to super.init allowing for uninitialized objects to be
      created.
    - S8156802, CVE-2017-3241: RMI deserialization should limit the types
      deserialized to prevent attacks that could escape the sandbox.
    - S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
      dispose() on a CMenuComponent multiple times.
    - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
      extraneous bytes added to them whereas the signature is supposed to be
      unique.
    - S8166988, CVE-2017-3253: The PNG specification allows the [iz]Txt
      sections to be 2^32-1 bytes long so these should not be uncompressed
      unless the user explicitly requests it.
    - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
      leak information about k.
    - S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
      leak information about k.
    - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
      deserialize responses from an LDAP server when an LDAP context is
      expected.
    - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
      users or external applications would interpret them leading to possible
      security issues.
    - S8168705, CVE-2016-5547: A value from an InputStream is read directly
      into the size argument of a new byte[] without validation.
    - S8164147, CVE-2017-3261: An integer overflow exists in
      SocketOutputStream which can lead to memory disclosure.
    - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
      dispatch HTTP GET requests where the invoker does not have permission.
    - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
      long running sessions are allowed.
  * d/p/8132051-zero.diff: Superseded by upstream fix S8154210; removed.
  * d/p/hotspot-JDK-8158260-ppc64el.patch: Applied upstream; removed.
  * d/p/6926048.diff: Already applied upstream; removed.
  * d/p/jdk-ppc64el-S8170153.patch, d/p/openjdk-ppc64el-S8170153.patch: Improve
    StrictMath performance on ppc64el. LP: #1646927.
  * d/p/jdk-841269-filechooser.patch: Fix FileChooser behavior when displaying
    links to non-existent files. Closes: #841269.
  * Refreshed various patches.

Date: 2017-05-06 02:16:35.860631+00:00
Changed-By: Tiago Stürmer Daitx <tiago.daitx at canonical.com>
Maintainer: OpenJDK <openjdk at lists.launchpad.net>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/openjdk-8/8u131-b11-0ubuntu1.16.04.2
Sorry, changesfile not available.
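The practical question for a Xenial administrator reading this notice is whether the openjdk-8 packages on a host are at or above 8u131-b11-0ubuntu1.16.04.2, the version carrying the CVE fixes listed above. Naive string or float comparison gets Debian version strings wrong (revisions like 0ubuntu1.16.04.2, the `~` pre-release marker, epochs), so the check below implements dpkg's own comparison algorithm. This is an added example written for this page, not code from the OpenJDK package or from Ubuntu; the `dpkg-query` output line it parses is constructed here for illustration, and `FIXED_XENIAL` is taken from the version in the subject line.

```python
"""Check installed openjdk-8 versions against the fixed Xenial version using
dpkg's version-ordering rules (re-implemented here; not the dpkg code itself)."""

# Fixed version from the accepted upload above (xenial-security).
FIXED_XENIAL = "8u131-b11-0ubuntu1.16.04.2"

DIGITS = "0123456789"


def _order(c: str) -> int:
    """Weight of one non-digit character, mirroring dpkg's order():
    '~' sorts before everything (even end of string), letters by ASCII,
    other punctuation after letters, end of string / digits as 0."""
    if c == "" or c in DIGITS:
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare two upstream or revision fragments (dpkg's verrevcmp)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit runs: compare character by character by weight.
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit runs: strip leading zeros, then compare numerically
        # (a longer run of digits is always the larger number).
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and a[i] in DIGITS and b[j] in DIGITS:
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in DIGITS:
            return 1
        if j < len(b) and b[j] in DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v: str):
    """Split '[epoch:]upstream[-revision]' (the revision is after the LAST '-')."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = v.rpartition("-")
    if not sep:
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 like `dpkg --compare-versions a lt/eq/gt b`."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def is_fixed(installed: str, fixed: str = FIXED_XENIAL) -> bool:
    """True when the installed version already carries the security fixes."""
    return compare_versions(installed, fixed) >= 0


def check_dpkg_line(line: str):
    """Parse one line of `dpkg-query -W -f='${Package} ${Version}\n' 'openjdk-8-*'`
    and report (package, version, fixed?)."""
    pkg, version = line.split()
    return pkg, version, is_fixed(version)


if __name__ == "__main__":
    # Constructed sample output, as it would appear on a host that has not yet
    # taken the update (hypothetical, not captured from a real system).
    sample = "openjdk-8-jre-headless 8u121-b13-0ubuntu1.16.04.2"
    pkg, version, ok = check_dpkg_line(sample)
    print(f"{pkg} {version}: {'fixed' if ok else 'VULNERABLE, needs ' + FIXED_XENIAL}")
```

Run it against real output with `dpkg-query -W -f='${Package} ${Version}\n' 'openjdk-8-*' | python3 -c '...'`, or simply call `check_dpkg_line` per line. Note that the 0ubuntu1.16.04.1 revision in the changelog above was superseded by .2 (re-enabling jamvm) before acceptance, so a host reporting .1 should be treated as not having the published update.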