[ubuntu/xenial-updates] openjdk-8 8u131-b11-0ubuntu1.16.04.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu May 11 14:58:26 UTC 2017
openjdk-8 (8u131-b11-0ubuntu1.16.04.2) xenial-security; urgency=medium
* Re-enable jamvm.
openjdk-8 (8u131-b11-0ubuntu1.16.04.1) xenial-security; urgency=medium
* Backport to 16.04.
openjdk-8 (8u131-b11-0ubuntu1.17.04.1) zesty-security; urgency=medium
* Update to 8u131-b11, Hotspot 8u112-b12 for AArch64.
* Security fixes:
- S8167110, CVE-2017-3514: Windows peering issue.
- S8165626, CVE-2017-3512: Improved window framing.
- S8163528, CVE-2017-3511: Better library loading.
- S8169011, CVE-2017-3526: Resizing XML parse trees.
- S8163520, CVE-2017-3509: Reuse cache entries.
- S8171533, CVE-2017-3544: Better email transfer.
- S8170222, CVE-2017-3533: Better transfers of files.
- S8171121, CVE-2017-3539: Enhancing jar checking.
* d/p/jdk-ppc64el-S8165231.diff: fixes java.nio.Bits.unaligned() on
ppc64el. LP: #1677612.
* debian/buildwatch.sh: updated to stop it if no 'make' process is running,
as it probably means that the build failed - otherwise buildwatch keeps
the builder alive until it exits after the timer (3 hours by default)
expires.
openjdk-8 (8u121-b13-4.1) unstable; urgency=medium
* Non-maintainer upload.
* openjdk-8-jre-headless: Add Breaks: tzdata-java to ensure openjdk gets
upgraded on dist-upgrades from jessie. (Closes: #857992)
openjdk-8 (8u121-b13-4) unstable; urgency=medium
* Drop Recommends on obsolete GNOME libraries so they are not in a
default GNOME desktop installation (Simon McVittie). Closes: #850268.
- sun.net.spi.DefaultProxySelector prefers libglib2.0-0 (>= 2.24)
over obsolete libgconf2-4.
- sun.nio.fs.GnomeFileTypeDetector prefers libglib2.0-0 (>= 2.24)
over libgnomevfs-2-0.
- sun.xawt.awt_Desktop prefers libgtk2.0-0 (>= 2.14) over
libgnomevfs2-0.
* See the bug report for an analysis why this can be done for releases
back to Debian wheezy (7.0) and Ubuntu precise (12.04 LTS).
openjdk-8 (8u121-b13-3) unstable; urgency=medium
* Really don't build the JamVM VM.
* Fix 8164293: HotSpot leaking memory in long-running requests.
Closes: #853758.
* Add OpenJDK Stack Unwinder and Frame Decorator for gdb.
openjdk-8 (8u121-b13-2) unstable; urgency=medium
* Fix libjpeg dependency. Closes: #852378.
openjdk-8 (8u121-b13-1) unstable; urgency=high
* Update to 8u121-b13, Hotspot 8u112-b16 for AArch64.
[ Matthias Klose ]
* Build using the default flags (POWER8) on ppc64el.
* Add a breaks for ca-certificates-java (<< 20160321~). Closes: #851667.
* Stop building JamVM for the stretch release, the VM is not working
with recent OpenJDK 8 updates. Closes: #841229, #842132.
* Fix location of jspawnhelper for KFreeBSD. Closes: #851053.
[ Tiago Stürmer Daitx ]
* debian/rules: add -O3 to DEB_CFLAGS_MAINT_STRIP and
DEB_CXXFLAGS_MAINT_STRIP for dpkg_buildflags_jdk and
dpkg_buildflags_hs as ppc64le has -O3 by default. LP: #1640845.
* Update to 8u121-b13, including security fixes.
- S8165344, CVE-2017-3272: A protected field can be leveraged into type
confusion.
- S8167104, CVE-2017-3289: Custom class constructor code can bypass the
required call to super.init allowing for uninitialized objects to be
created.
- S8156802, CVE-2017-3241: RMI deserialization should limit the types
deserialized to prevent attacks that could escape the sandbox.
- S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
dispose() on a CMenuComponent multiple times.
- S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
extraneous bytes added to them whereas the signature is supposed to be
unique.
- S8166988, CVE-2017-3253: The PNG specification allows the [iz]Txt
sections to be 2^32-1 bytes long so these should not be uncompressed
unless the user explicitly requests it.
- S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
leak information about k.
- S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
leak information about k.
- S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
deserialize responses from an LDAP server when an LDAP context is
expected.
- S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
users or external applications would interpret them leading to possible
security issues.
- S8168705, CVE-2016-5547: A value from an InputStream is read directly
into the size argument of a new byte[] without validation.
- S8164147, CVE-2017-3261: An integer overflow exists in
SocketOutputStream which can lead to memory disclosure.
- S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
dispatch HTTP GET requests where the invoker does not have permission.
- S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when
long running sessions are allowed.
* d/p/8132051-zero.diff: Superseded by upstream fix S8154210; removed.
* d/p/hotspot-JDK-8158260-ppc64el.patch: Applied upstream; removed.
* d/p/6926048.diff: Already applied upstream; removed.
* d/p/jdk-ppc64el-S8170153.patch, d/p/openjdk-ppc64el-S8170153.patch: Improve
StrictMath performance on ppc64el. LP: #1646927.
* d/p/jdk-841269-filechooser.patch: Fix FileChooser behavior when displaying
links to non-existent files. Closes: #841269.
* Refreshed various patches.
Date: 2017-05-06 02:16:35.860631+00:00
Changed-By: Tiago Stürmer Daitx <tiago.daitx at canonical.com>
Maintainer: OpenJDK <openjdk at lists.launchpad.net>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/openjdk-8/8u131-b11-0ubuntu1.16.04.2