Format: 1.8
Date: Wed, 01 Nov 2017 07:12:56 +0100
Source: openjdk-8
Binary: openjdk-8-jdk-headless openjdk-8-jre-headless openjdk-8-jdk openjdk-8-jre openjdk-8-demo openjdk-8-source openjdk-8-doc openjdk-8-dbg openjdk-8-jre-zero
Architecture: arm64
Version: 8u151-b12-1
Distribution: bionic-proposed
Urgency: high
Maintainer: Launchpad Build Daemon
Changed-By: Matthias Klose
Description:
 openjdk-8-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-8-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-8-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-8-jdk - OpenJDK Development Kit (JDK)
 openjdk-8-jdk-headless - OpenJDK Development Kit (JDK) (headless)
 openjdk-8-jre - OpenJDK Java runtime, using
 openjdk-8-jre-headless - OpenJDK Java runtime, using (headless)
 openjdk-8-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-8-source - OpenJDK Development Kit (JDK) source files
Launchpad-Bugs-Fixed: 1723860 1723861 1723862 1723893
Changes:
 openjdk-8 (8u151-b12-1) unstable; urgency=high
 .
   * Update to 8u151-b12. Hotspot 8u144-b01 for aarch32 with 8u151 hotspot
     patches.
 .
   [ Tiago Stürmer Daitx ]
   * Security patches:
     - CVE-2017-10274, S8169026: Handle smartcard clean up better. If a
       CardImpl can be recovered via finalization, then separate instances
       pointing to the same device can be created.
     - CVE-2017-10281, S8174109: Better queuing priorities. PriorityQueue's
       readObject allocates an array based on data in the stream which could
       cause an OOM.
     - CVE-2017-10285, S8174966: Unreferenced references. RMI's Unreferenced
       thread can be used as the root of a Trusted Method Chain.
     - CVE-2017-10295, S8176751: Better URL connections. On Ubuntu (and
       possibly other Linux flavors) CR-NL in the host field are ignored and
       can be used to inject headers in an HTTP request stream.
     - CVE-2017-10388, S8178794: Correct Kerberos ticket grants. Kerberos
       implementations can incorrectly take information from the unencrypted
       portion of the ticket from the KDC. This can lead to an MITM attack
       impersonating Kerberos services.
     - CVE-2017-10346, S8180711: Better alignment of special invocations. A
       missing load constraint for some invokespecial cases can allow
       invoking a method from an unrelated class.
     - CVE-2017-10350, S8181100: Better Base Exceptions. An array is
       allocated based on data in the serial stream without a limit on the
       size.
     - CVE-2017-10347, S8181323: Better timezone processing. An array is
       allocated based on data in the serial stream without a limit on the
       size.
     - CVE-2017-10349, S8181327: Better Node predications. An array is
       allocated based on data in the serial stream without a limit on the
       size.
     - CVE-2017-10345, S8181370: Better keystore handling. A malicious
       serialized object in a keystore can cause a DoS when using keytool.
     - CVE-2017-10348, S8181432: Better processing of unresolved permissions.
       An array is allocated based on data in the serial stream without a
       limit on the size.
     - CVE-2017-10357, S8181597: Process Proxy presentation. A malicious
       serialized stream could cause an OOM due to lack of checking on the
       number of interfaces read from the stream for a Proxy.
     - CVE-2017-10355, S8181612: More stable connection processing. If an
       attack can cause an application to open a connection to a malicious
       FTP server (e.g., via XML), then a thread can be tied up indefinitely
       in accept(2).
     - CVE-2017-10356, S8181692: Update storage implementations. JKS and
       JCEKS keystores should be retired from common use in favor of more
       modern keystore protections.
     - CVE-2016-10165, S8183028: Improve CMS header processing. Missing
       bounds check could lead to leaked memory contents.
     - CVE-2016-9841, S8184682: Upgrade compression library. There were four
       off by one errors found in the zlib library. Two of them are long
       typed which could lead to RCE.
   * debian/rules:
     - openjdk8 now ships limited and unlimited policy.jar files (S8157561)
       into their own directories under jre/lib/security/policy.
   * debian/rules, d/p/sec-webrev-8u151-hotspot-8179084.patch,
     d/p/sec-webrev-8u151-hotspot-8180711.patch: Apply hotspot security
     updates to both aarch32 and aarch64.
   * d/p/gcc6.diff, d/p/aarch64.diff, d/p/aarch32.diff,
     d/p/m68k-support.diff, d/p/system-libjpeg.diff: Remove hunks related to
     the generated configure file generated during the build.
   * d/p/hotspot-ppc64el-S8168318-cmpldi.patch: Use cmpldi instead of
     li/cmpld. LP: #1723893.
   * d/p/hotspot-ppc64el-S8170328-andis.patch: Use andis instead of lis/and.
     LP: #1723862.
   * d/p/hotspot-ppc64el-S8145913-montgomery-multiply-intrinsic.patch: Add
     Montgomery multiply intrinsic. LP: #1723860.
   * d/p/hotspot-ppc64el-S8181810-leverage-extrdi.patch: Leverage extrdi for
     bitfield extract is absent in OpenJDK 8. LP: #1723861.
   * d/p/jdk-S8165852-overlayfs.patch: Mount point not found for a file
     which is present in overlayfs.
 .
   [ Matthias Klose ]
   * Bump standards version.