openjdk-8 8u121-b13-0ubuntu1.16.04.2 source package in Ubuntu
Changelog
openjdk-8 (8u121-b13-0ubuntu1.16.04.2) xenial-security; urgency=medium * Backport to 16.04. openjdk-8 (8u121-b13-0ubuntu1.16.10.2) yakkety-security; urgency=medium * debian/buildwatch.sh: updated to stop it if no 'make' process is running, as it probably means that the build failed - otherwise buildwatch keeps the builder alive until it exits after the timer (3 hours by default) expires. * debian/rules: updated jtreg tests to use agentvm and auto concurrency. openjdk-8 (8u121-b13-0ubuntu1.16.04.1) xenial-security; urgency=medium * Backport to 16.04. openjdk-8 (8u121-b13-0ubuntu1.16.10.1) yakkety-security; urgency=medium * Update to 8u121-b13, including security fixes. - S8165344, CVE-2017-3272: A protected field can be leveraged into type confusion. - S8167104, CVE-2017-3289: Custom class constructor code can bypass the required call to super.init allowing for uninitialized objects to be created. - S8156802, CVE-2017-3241: RMI deserialization should limit the types deserialized to prevent attacks that could escape the sandbox. - S8164143, CVE-2017-3260: It is possible to corrupt memory by calling dispose() on a CMenuComponentmultiple times. - S8168714, CVE-2016-5546: ECDSA will accept signatures that have various extraneous bytes added to them whereas the signature is supposed to be unique. - S8166988, CVE-2017-3253: The PNG specification allows the [iz}Txt sections to be 2^32-1 bytes long so these should not be uncompressed unless the user explicitly requests it. - S8168728, CVE-2016-5548: DSA signing exhibits a timing bias that may leak information about k. - S8168724, CVE-2016-5549: ECDSA signing exhibits a timing bias that may leak information about k. - S8161743, CVE-2017-3252: LdapLoginModule incorrectly tries to deserialize responses from an LDAP server when an LDAP context is expected. - S8167223, CVE-2016-5552: Parsing of URLs can be inconsistent with how users or external applications would interpret them leading to possible security issues. - S8168705, CVE-2016-5547: A value from an InputStream is read directly into the size argument of a new byte[] without validation. - S8164147, CVE-2017-3261: An integer overflow exists in SocketOutputStream which can lead to memorydisclosure. - S8151934, CVE-2017-3231: Under some circumstances URLClassLoader will dispatch HTTP GET requests where the invoker does not have permission. - S8165071, CVE-2016-2183: 3DES can be exploited for block collisions when long running sessions are allowed. * debian/patches/8132051-zero.diff: superseeded by upstream fix S8154210; deleted. * debian/patches/hotspot-JDK-8158260-ppc64el.patch: applied upstream; deleted. * debian/patches/6926048.diff: already applied upstream; deleted. * debian/patches/jdk-ppc64el-S8170153.patch: improve StrictMath performance on ppc64el. LP: #1646927. * debian/patches/openjdk-ppc64el-S8170153.patch: same. * debian/patches/jdk-841269-filechooser.patch: fix FileChooser behavior when displaying links to non-existant files. Closes: #841269. * Refreshed various patches. -- Tiago Stürmer Daitx <email address hidden> Mon, 23 Jan 2017 11:23:44 +0000
Upload details
- Uploaded by:
- Tiago Stürmer Daitx
- Uploaded to:
- Xenial
- Original maintainer:
- OpenJDK
- Architectures:
- alpha amd64 armel armhf arm64 i386 ia64 mips mipsel mips64 mips64el powerpc powerpcspe ppc64 ppc64el m68k sh4 sparc sparc64 s390x x32 kfreebsd-i386 kfreebsd-amd64 all
- Section:
- java
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
openjdk-8_8u121-b13.orig.tar.xz | 60.9 MiB | 78f64c05575fa36ae35e712e3d23b3ac139aaeb328eebca705705652b5985699 |
openjdk-8_8u121-b13-0ubuntu1.16.04.2.debian.tar.xz | 229.3 KiB | a4f5d6469c6105e6b0bb2655b17fa284490163831afa097defd731d9afbe3b24 |
openjdk-8_8u121-b13-0ubuntu1.16.04.2.dsc | 4.5 KiB | 0e13b36a206039558be3eabf42dba4c84c1bfb83bf9d9bc4171b141bf5401387 |
Available diffs
Binary packages built by this source
- openjdk-8-dbg: Java runtime based on OpenJDK (debugging symbols)
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
This package contains the debugging symbols.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-demo: Java runtime based on OpenJDK (demos and examples)
OpenJDK Java runtime
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-doc: OpenJDK Development Kit (JDK) documentation
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
This package contains the API documentation.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jdk: OpenJDK Development Kit (JDK)
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jdk-headless: OpenJDK Development Kit (JDK) (headless)
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jre: OpenJDK Java runtime, using Hotspot Zero
Full Java runtime environment - needed for executing Java GUI and Webstart
programs, using Hotspot Zero.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jre-headless: OpenJDK Java runtime, using Hotspot Zero (headless)
Minimal Java runtime - needed for executing non GUI Java programs,
using Hotspot Zero.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.
- openjdk-8-jre-jamvm: Transitional package for obsolete JamVM for OpenJDK
JamVM support was removed for recent versions of OpenJDK 8.
.
This is a transitional package which can be safely removed.
- openjdk-8-jre-zero: Alternative JVM for OpenJDK, using Zero/Shark
The package provides an alternative runtime using the Zero VM and the
Shark Just In Time Compiler (JIT). Built on architectures in addition
to the Hotspot VM as a debugging aid for those architectures which don't
have a Hotspot VM.
.
The VM is started with the option `-zero'. See the README.Debian for details.
- openjdk-8-source: OpenJDK Development Kit (JDK) source files
OpenJDK is a development environment for building applications,
applets, and components using the Java programming language.
.
This package contains the Java programming language source files
(src.zip) for all classes that make up the Java core API.
.
The packages are built using the IcedTea build support and patches
from the IcedTea project.