Format: 1.8
Date: Mon, 23 Jan 2017 11:03:55 +0100
Source: openjdk-8
Binary: openjdk-8-jdk-headless openjdk-8-jre-headless openjdk-8-jdk openjdk-8-jre openjdk-8-demo openjdk-8-source openjdk-8-doc openjdk-8-dbg openjdk-8-jre-zero
Architecture: source
Version: 8u121-b13-1
Distribution: unstable
Urgency: high
Maintainer: OpenJDK Team <openjdk@lists.launchpad.net>
Changed-By: Matthias Klose <doko@ubuntu.com>
Description:
 openjdk-8-dbg - Java runtime based on OpenJDK (debugging symbols)
 openjdk-8-demo - Java runtime based on OpenJDK (demos and examples)
 openjdk-8-doc - OpenJDK Development Kit (JDK) documentation
 openjdk-8-jdk - OpenJDK Development Kit (JDK)
 openjdk-8-jdk-headless - OpenJDK Development Kit (JDK) (headless)
 openjdk-8-jre - OpenJDK Java runtime, using ${vm:Name}
 openjdk-8-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
 openjdk-8-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
 openjdk-8-source - OpenJDK Development Kit (JDK) source files
Closes: 841229 841269 842132 851053 851667
Changes:
 openjdk-8 (8u121-b13-1) unstable; urgency=high
 .
   * Update to 8u121-b13, Hotspot 8u112-b16 for AArch64.
 .
   [ Matthias Klose ]
   * Build using the default flags (POWER8) on ppc64el.
   * Add a breaks for ca-certificates-java (<< 20160321~). Closes: #851667.
   * Stop building JamVM for the stretch release, the VM is not working with
     recent OpenJDK 8 updates. Closes: #841229, #842132.
   * Fix location of jspawnhelper for KFreeBSD. Closes: #851053.
 .
   [ Tiago Stürmer Daitx ]
   * debian/rules: add -O3 to DEB_CFLAGS_MAINT_STRIP and
     DEB_CXXFLAGS_MAINT_STRIP for dpkg_buildflags_jdk and dpkg_buildflags_hs
     as ppc64le has -O3 by default. LP: #1640845.
   * Update to 8u121-b13, including security fixes.
     - S8165344, CVE-2017-3272: A protected field can be leveraged into type
       confusion.
     - S8167104, CVE-2017-3289: Custom class constructor code can bypass the
       required call to super.init allowing for uninitialized objects to be
       created.
     - S8156802, CVE-2017-3241: RMI deserialization should limit the types
       deserialized to prevent attacks that could escape the sandbox.
     - S8164143, CVE-2017-3260: It is possible to corrupt memory by calling
       dispose() on a CMenuComponent multiple times.
     - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various
       extraneous bytes added to them whereas the signature is supposed to be
       unique.
     - S8166988, CVE-2017-3253: The PNG specification allows the [iz]Txt
       sections to be 2^32-1 bytes long so these should not be uncompressed
       unless the user explicitly requests it.
     - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may
       leak information about k.
     - S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may
       leak information about k.
     - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to
       deserialize responses from an LDAP server when an LDAP context is
       expected.
     - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how
       users or external applications would interpret them leading to possible
       security issues.
     - S8168705, CVE-2016-5547: A value from an InputStream is read directly
       into the size argument of a new byte[] without validation.
     - S8164147, CVE-2017-3261: An integer overflow exists in
       SocketOutputStream which can lead to memory disclosure.
     - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will
       dispatch HTTP GET requests where the invoker does not have permission.
     - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions
       when long running sessions are allowed.
   * d/p/8132051-zero.diff: Superseded by upstream fix S8154210; removed.
   * d/p/hotspot-JDK-8158260-ppc64el.patch: Applied upstream; removed.
   * d/p/6926048.diff: Already applied upstream; removed.
   * d/p/jdk-ppc64el-S8170153.patch, d/p/openjdk-ppc64el-S8170153.patch:
     Improve StrictMath performance on ppc64el. LP: #1646927.
   * d/p/jdk-841269-filechooser.patch: Fix FileChooser behavior when
     displaying links to non-existent files. Closes: #841269.
   * Refreshed various patches.
Checksums-Sha1:
 de3b3f3cd198c95b8b135096b5c6ba34cd999b2b 4483 openjdk-8_8u121-b13-1.dsc
 0e41c8b3ac17f8022e524db705af86780e86c2d1 63884892 openjdk-8_8u121-b13.orig.tar.xz
 f630e66f43d9fd3834bf73173a3e86e0f0084f9b 235072 openjdk-8_8u121-b13-1.debian.tar.xz
Checksums-Sha256:
 b51e13766a5d26d2babd246ab14f27b273a37287fc280f7139fb7e03aa762b3c 4483 openjdk-8_8u121-b13-1.dsc
 78f64c05575fa36ae35e712e3d23b3ac139aaeb328eebca705705652b5985699 63884892 openjdk-8_8u121-b13.orig.tar.xz
 f08822fd68026ede9551c863066697c24572bfc49dc1842a2703725ef7c61b9f 235072 openjdk-8_8u121-b13-1.debian.tar.xz
Files:
 110c4cdad2d191bf40676f5b3943882f 4483 java optional openjdk-8_8u121-b13-1.dsc
 9d3a1b7c672bc1b5ffbbf30aa4eed4b3 63884892 java optional openjdk-8_8u121-b13.orig.tar.xz
 e83030ae23d57e3fdf5b5e2f697a3794 235072 java optional openjdk-8_8u121-b13-1.debian.tar.xz