File _patchinfo of Package patchinfo.10205

<patchinfo incident="10205">
  <issue tracker="cve" id="2018-11212"/>
  <issue tracker="cve" id="2019-2426"/>
  <issue tracker="cve" id="2019-2422"/>
  <issue tracker="cve" id="2018-3639"/>
  <issue tracker="cve" id="2019-2684"/>
  <issue tracker="cve" id="2019-2698"/>
  <issue tracker="cve" id="2019-2602"/>
  <issue tracker="bnc" id="1122299">VUL-1: CVE-2018-11212: libjpeg-turbo,libjpeg62-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c</issue>
  <issue tracker="bnc" id="1122293">VUL-0: CVE-2019-2422: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: memory disclosure in FileChannelImpl</issue>
  <issue tracker="bnc" id="1132728">VUL-0: CVE-2019-2602: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: flaw inside BigDecimal implementation (Component: Libraries)</issue>
  <issue tracker="bnc" id="1132732">VUL-0: CVE-2019-2684: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: flaw was found in the RMI registry implementation</issue>
  <issue tracker="bnc" id="1133135">LTO: java-1_8_0-openjdk build fails</issue>
  <issue tracker="bnc" id="1132729">VUL-0: CVE-2019-2698: java-1_7_0-openjdk,java-1_8_0-openjdk: out of bounds access flaw in the 2D component</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-openjdk</summary>
  <description>This update for java-1_8_0-openjdk to version 8u212 fixes the following issues:

Security issues fixed:

- CVE-2019-2602: Better String parsing (bsc#1132728).
- CVE-2019-2684: More dynamic RMI interactions (bsc#1132732).
- CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729).
- CVE-2019-2422: Better FileChannel (bsc#1122293).
- CVE-2018-11212: Improve JPEG (bsc#1122299).

Non-Security issue fixed:

- Disable LTO (bsc#1133135).
- Added Japanese new era name.

This update was imported from the SUSE:SLE-12-SP1:Update update project.</description>
</patchinfo>