Update openjdk-8 to 8u212 - security fixes are provided

Bug #1826001 reported by Julian Alarcon on 2019-04-23
264
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openjdk-8 (Ubuntu)
Undecided
Unassigned

Bug Description

Current OpenJDK 8 version in Ubuntu is 8u191.

Java is now on 8u212 version

Debian already updated this in stable:

https://metadata.ftp-master.debian.org/changelogs//main/o/openjdk-8/openjdk-8_8u212-b01-1~deb9u1_changelog

Debian packages:
https://packages.debian.org/search?keywords=openjdk-8&searchon=names&suite=all&section=all

Changelog from OpenJDK:

https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-April/009115.html

Seems that source code is already in Launchpad: https://launchpad.net/ubuntu/+source/openjdk-8/+changelog

* Security fixes
  - S8211936, CVE-2019-2602: Better String parsing
  - S8218453, CVE-2019-2684: More dynamic RMI interactions
  - S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID()

CVE References

description: updated
Steve Beattie (sbeattie) on 2019-04-23
information type: Private Security → Public Security
Paul White (paulw2u) on 2019-04-23
tags: added: upgrade-software-version
tags: added: bionic xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-8 - 8u212-b03-0ubuntu1

---------------
openjdk-8 (8u212-b03-0ubuntu1) eoan; urgency=medium

  [ Tiago Stürmer Daitx ]
  * Update to 8u212-b03. LP: #1826001.
  * Security fixes:
    - S8211936, CVE-2019-2602: Better String parsing.
    - S8218453, CVE-2019-2684: More dynamic RMI interactions.
    - S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID().
  * Revert to GTK2 as default since GTK3 still has padding and component
    issues:
    - debian/rules: always Build-Depends on libgtk2.0-dev and Depends on
      libgtk2.0-0 instead of relying on gtk3 for some releases.
  * debian/control: add missing dependency on testng (required by the
    testsuites).

  [ Andrej Shadura ]
  * debian/rules: check for nodoc instead of nodocs in DEB_BUILD_OPTIONS.
    Closes: 922757.

  [ Matthias Klose ]
  * debian/rules, debian/tests/jtdiff-autopkgtest.sh,
    debian/tests/jtreg-autopkgtest.in, debian/tests/jtreg-autopkgtest.sh:
    only set the JDK under test and allow jtreg to use its default JDK
    for running the tests.

  [ Thorsten Glaser ]
  * Improve compatibility with older releases. Closes: #925407.
    - debian/rules: determine source date using backwards-compatible
      dpkg-parsechangelog call.
    - debian/control.in: put @bd_cross@ onto same line as @bd_nss@ as
      it can be empty.

 -- Tiago Stürmer Daitx <email address hidden> Thu, 25 Apr 2019 21:28:59 +0000

Changed in openjdk-8 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers