File _patchinfo of Package patchinfo.20916

<patchinfo incident="20916">
  <issue tracker="cve" id="2021-2369"/>
  <issue tracker="cve" id="2018-3639"/>
  <issue tracker="cve" id="2021-2161"/>
  <issue tracker="cve" id="2021-2163"/>
  <issue tracker="cve" id="2021-2341"/>
  <issue tracker="cve" id="2021-2432"/>
  <issue tracker="bnc" id="1188564">VUL-0: CVE-2021-2341: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: flaw inside the FtpClient</issue>
  <issue tracker="bnc" id="1185055">VUL-0: CVE-2021-2163: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Incomplete enforcement of JAR signing disabled algorithms</issue>
  <issue tracker="bnc" id="1188565">VUL-0: CVE-2021-2369: java-1_8_0-openjdk,java-1_7_0-openjdk,java-11-openjdk: JAR file handling problem containing multiple MANIFEST.MF files</issue>
  <issue tracker="bnc" id="1188568">VUL-1: CVE-2021-2432: java-1_7_0-openjdk: Vulnerability in the Java SE product of Oracle Java SE (component: JNDI).   The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attack</issue>
  <issue tracker="bnc" id="1185056">VUL-0: CVE-2021-2161: java-11-openjdk,java-1_7_0-openjdk,java-1_8_0-openjdk: Incorrect handling of partially quoted arguments in ProcessBuilder on Windows</issue>
  <packager>fstrba</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for java-1_7_0-openjdk</summary>
  <description>This update for java-1_7_0-openjdk fixes the following issues:

- Update to 2.6.27 - OpenJDK 7u311 (July 2021 CPU)

Security fixes:

- CVE-2021-2341: Improve file transfers (bsc#1188564)
- CVE-2021-2369: Better jar file validation (bsc#1188565)
- CVE-2021-2432: Provide better LDAP provider support (bsc#1188568)
- CVE-2021-2163: Enhance opening JARs (bsc#1185055)
- CVE-2021-2161: Less ambiguous processing (bsc#1185056)
- CVE-2018-3639: Fix revision to prefer
</description>
</patchinfo>