openjdk team mailing list archive

Thread
Date

[Bug 1826001] Re: Update openjdk-8 to 8u212 - security fixes are provided

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Steve Beattie <sbeattie@xxxxxxxxxx>
Date: Tue, 23 Apr 2019 15:03:02 -0000
Reply-to: Bug 1826001 <1826001@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-8 in Ubuntu.
https://bugs.launchpad.net/bugs/1826001

Title:
  Update openjdk-8 to 8u212 - security fixes are provided

Status in openjdk-8 package in Ubuntu:
  New

Bug description:
  Current OpenJDK 8 version in Ubuntu is 8u191.

  Java is now on 8u212 version

  Debian already updated this in stable:

  https://metadata.ftp-master.debian.org/changelogs//main/o/openjdk-8
  /openjdk-8_8u212-b01-1~deb9u1_changelog

  Debian packages:
  https://packages.debian.org/search?keywords=openjdk-8&searchon=names&suite=all&section=all

  Changelog from OpenJDK:

  https://mail.openjdk.java.net/pipermail/jdk8u-
  dev/2019-April/009115.html

  Seems that source code is already in Launchpad:
  https://launchpad.net/ubuntu/+source/openjdk-8/+changelog

  * Security fixes
    - S8211936, CVE-2019-2602: Better String parsing
    - S8218453, CVE-2019-2684: More dynamic RMI interactions
    - S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1826001/+subscriptions