-
openjdk-lts (11.0.15+10-0ubuntu0.21.10.1) impish-security; urgency=medium
* Backport 11.0.15 to Ubuntu 21.10.
-- Marc Deslauriers <email address hidden> Sat, 23 Apr 2022 09:02:10 -0400
-
openjdk-lts (11.0.14.1+1-0ubuntu1~21.10) impish-security; urgency=medium
* Backport 11.0.14.1 to Ubuntu 21.10.
openjdk-lts (11.0.14.1+1-0ubuntu1) jammy; urgency=medium
* OpenJDK 11.0.14.1+1 build (release).
- Fix JDK-8218546. LP: #1966338.
-- Matthias Klose <email address hidden> Sun, 27 Mar 2022 12:06:41 +0200
-
openjdk-lts (11.0.14+9-0ubuntu2~22.10) impish-security; urgency=medium
* Backport the security update to 22.10.
openjdk-lts (11.0.14+9-0ubuntu2) jammy; urgency=medium
* OpenJDK 11.0.14+9 build (release).
* Security fixes
- JDK-8217375: jarsigner breaks old signature with long lines in manifest.
- JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir
named "." inside.
- JDK-8264934, CVE-2022-21248: Enhance cross VM serialization.
- JDK-8268488: More valuable DerValues.
- JDK-8268494: Better inlining of inlined interfaces.
- JDK-8268512: More content for ContentInfo.
- JDK-8268795: Enhance digests of Jar files.
- JDK-8268801: Improve PKCS attribute handling.
- JDK-8268813, CVE-2022-21283: Better String matching.
- JDK-8269151: Better construction of EncryptedPrivateKeyInfo.
- JDK-8269944: Better HTTP transport redux.
- JDK-8270386, CVE-2022-21291: Better verification of scan methods.
- JDK-8270392, CVE-2022-21293: Improve String constructions.
- JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps.
- JDK-8270492, CVE-2022-21282: Better resolution of URIs.
- JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management.
- JDK-8270646, CVE-2022-21299: Improved scanning of XML entities.
- JDK-8270952, CVE-2022-21277: Improve TIFF file handling.
- JDK-8271962: Better TrueType font loading.
- JDK-8271968: Better canonical naming.
- JDK-8271987: Manifest improved manifest entries.
- JDK-8272014, CVE-2022-21305: Better array indexing.
- JDK-8272026, CVE-2022-21340: Verify Jar Verification.
- JDK-8272236, CVE-2022-21341: Improve serial forms for transport.
- JDK-8272272: Enhance jcmd communication.
- JDK-8272462: Enhance image handling.
- JDK-8273290: Enhance sound handling.
- JDK-8273756, CVE-2022-21360: Enhance BMP image support.
- JDK-8273838, CVE-2022-21365: Enhanced BMP processing.
- JDK-8274096, CVE-2022-21366: Improve decoding of image files.
- JDK-8279541: Improve HarfBuzz.
-- Matthias Klose <email address hidden> Tue, 25 Jan 2022 15:03:04 +0100
-
openjdk-lts (11.0.13+8-0ubuntu1~21.10) impish-security; urgency=medium
* Backport the security update to 21.10.
openjdk-lts (11.0.13+8-0ubuntu1) jammy; urgency=medium
* OpenJDK 11.0.13+8 build (release).
* Security fixes
- JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites
preference.
- JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS
session close.
- JDK-8263314: Enhance XML Dsig modes.
- JDK-8265167, CVE-2021-35556: Richer Text Editors.
- JDK-8265574: Improve handling of sheets.
- JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit.
- JDK-8265776: Improve Stream handling for SSL.
- JDK-8266097, CVE-2021-35561: Better hashing support.
- JDK-8266103: Better specified spec values.
- JDK-8266109: More Resilient Classloading.
- JDK-8266115: More Manifest Jar Loading.
- JDK-8266137, CVE-2021-35564: Improve Keystore integrity.
- JDK-8266689, CVE-2021-35567: More Constrained Delegation.
- JDK-8267086: ArrayIndexOutOfBoundsException in
java.security.KeyFactory.generatePublic.
- JDK-8267712: Better LDAP reference processing.
- JDK-8267729, CVE-2021-35578: Improve TLS client handshaking.
- JDK-8267735, CVE-2021-35586: Better BMP support.
- JDK-8268193: Improve requests of certificates.
- JDK-8268199: Correct certificate requests.
- JDK-8268205: Enhance DTLS client handshake.
- JDK-8268506: More Manifest Digests.
- JDK-8269618, CVE-2021-35603: Better session identification.
- JDK-8269624: Enhance method selection support.
- JDK-8270398: Enhance canonicalization.
- JDK-8270404: Better canonicalization.
* Sync packages with 11.0.13+8-1:
- Remove patches applied upstream.
-- Matthias Klose <email address hidden> Fri, 29 Oct 2021 11:11:30 +0200
-
openjdk-lts (11.0.12+7-0ubuntu3) impish; urgency=medium
* Work around ftbfs in StackGuardPages test with glibc 2.34.
-- Matthias Klose <email address hidden> Sat, 14 Aug 2021 14:38:05 +0200
-
openjdk-lts (11.0.12+7-0ubuntu2) impish; urgency=high
* OpenJDK 11.0.12+7 build (release).
* Security fixes:
- JDK-8256157: Improve bytecode assembly.
- JDK-8256491: Better HTTP transport.
- JDK-8258432, CVE-2021-2341: Improve file transfers.
- JDK-8260453: Improve Font Bounding.
- JDK-8260960: Signs of jarsigner signing.
- JDK-8260967, CVE-2021-2369: Better jar file validation.
- JDK-8262380: Enhance XML processing passes.
- JDK-8262403: Enhanced data transfer.
- JDK-8262410: Enhanced rules for zones.
- JDK-8262477: Enhance String Conclusions.
- JDK-8262967: Improve Zip file support.
- JDK-8264066, CVE-2021-2388: Enhance compiler validation.
- JDK-8264079: Improve abstractions.
- JDK-8264460: Improve NTLM support.
* Sync packages with 11.0.12+7-2:
- Encode the early-access status into the package version. LP: #1934895.
-- Matthias Klose <email address hidden> Fri, 30 Jul 2021 15:36:30 +0200
-
openjdk-lts (11.0.12+7-0ubuntu1) impish; urgency=high
* OpenJDK 11.0.12+7 build (release).
* Security fixes:
- JDK-8256157: Improve bytecode assembly.
- JDK-8256491: Better HTTP transport.
- JDK-8258432, CVE-2021-2341: Improve file transfers.
- JDK-8260453: Improve Font Bounding.
- JDK-8260960: Signs of jarsigner signing.
- JDK-8260967, CVE-2021-2369: Better jar file validation.
- JDK-8262380: Enhance XML processing passes.
- JDK-8262403: Enhanced data transfer.
- JDK-8262410: Enhanced rules for zones.
- JDK-8262477: Enhance String Conclusions.
- JDK-8262967: Improve Zip file support.
- JDK-8264066, CVE-2021-2388: Enhance compiler validation.
- JDK-8264079: Improve abstractions.
- JDK-8264460: Improve NTLM support.
* Sync packages with 11.0.12+7-1:
- Encode the early-access status into the package version. LP: #1934895.
-- Matthias Klose <email address hidden> Wed, 21 Jul 2021 10:56:45 +0200
-
openjdk-lts (11.0.12+6-0ubuntu1) impish; urgency=medium
* OpenJDK 11.0.12+6 build (early access).
* Sync packages with 11.0.12+6-1:
-- Matthias Klose <email address hidden> Wed, 07 Jul 2021 12:45:19 +0200
-
openjdk-lts (11.0.12+4-0ubuntu2) impish; urgency=medium
* OpenJDK 11.0.12+4 build (early access).
* Sync packages with 11.0.11+9-1:
* Don't apply the m68k-support patch, needs an update.
-- Matthias Klose <email address hidden> Thu, 27 May 2021 12:41:33 +0200
-
openjdk-lts (11.0.12+4-0ubuntu1) impish; urgency=medium
* OpenJDK 11.0.12+4 build (early access).
* Sync packages with 11.0.11+9-1:
* Don't apply the m68k-support patch, needs an update.
-- Matthias Klose <email address hidden> Thu, 27 May 2021 12:41:33 +0200
-
openjdk-lts (11.0.11+9-0ubuntu2) hirsute; urgency=medium
* OpenJDK 11.0.11+9 build (release).
* Security fixes:
- JDK-8244473: Contextualize registration for JNDI.
- JDK-8244543: Enhanced handling of abstract classes.
- JDK-8250568: Less ambiguous processing (CVE-2021-2161).
- JDK-8253799: Make lists of normal filenames.
- JDK-8249906: Enhance opening JARs (CVE-2021-2163).
- JDK-8257001: Improve HTTP client support.
* Mark the build as an upstream release.
-- Matthias Klose <email address hidden> Wed, 21 Apr 2021 10:55:38 +0200
-
openjdk-lts (11.0.11+8-0ubuntu2) hirsute; urgency=medium
* OpenJDK 11.0.11+8 build (early access).
* Sync packages with 11.0.11+8-1:
* Set DEB_BUILD_MAINT_OPTIONS = optimize=-lto, not yet ready. Looks
like 16 and 17 are buildable with lto.
* Remove dangling jfr alternative on upgrades if no jdk is installed (Andreas
Beckmann). Closes: #985060.
* Use mktemp instead of tempfile in maintainer scripts (Andreas Beckmann).
* Backport fix for JDK-8262085, hovering Metal HTML Tooltips in different
windows cause IllegalArgExc on Linux. Closes: #967049.
-- Matthias Klose <email address hidden> Thu, 01 Apr 2021 12:31:47 +0200
