Overview

File _patchinfo of Package patchinfo.11867

<patchinfo incident="11867">
  <issue tracker="cve" id="2019-2816"/>
  <issue tracker="cve" id="2019-2821"/>
  <issue tracker="cve" id="2019-2762"/>
  <issue tracker="cve" id="2019-2769"/>
  <issue tracker="cve" id="2019-2745"/>
  <issue tracker="cve" id="2019-2818"/>
  <issue tracker="cve" id="2019-2786"/>
  <issue tracker="cve" id="2019-7317"/>
  <issue tracker="cve" id="2019-2766"/>
  <issue tracker="bnc" id="1141783">VUL-0: CVE-2019-2769: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Issue inside Component Utilities</issue>
  <issue tracker="bnc" id="1141787">VUL-0: CVE-2019-2786: java-1_8_0-openjdk,java-11-openjdk: Issue inside Component Security</issue>
  <issue tracker="bnc" id="1141789">VUL-0: CVE-2019-2766: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Issue inside Component Networking</issue>
  <issue tracker="bnc" id="1141781">VUL-0: CVE-2019-2821: java-11-openjdk: Issue inside Component JSSE</issue>
  <issue tracker="bnc" id="1141788">VUL-0: CVE-2019-2818: java-11-openjdk: Issue inside Component Security</issue>
  <issue tracker="bnc" id="1141782">VUL-0: CVE-2019-2762: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Issue inside Component Utilities</issue>
  <issue tracker="bnc" id="1140461">JDK 11 cannot read PEM X.509 cert with whitespaces after header or footer</issue>
  <issue tracker="bnc" id="1141784">VUL-0: CVE-2019-2745: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Issue inside Component Security</issue>
  <issue tracker="bnc" id="1141785">VUL-0: CVE-2019-2816: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Issue inside Component Networking</issue>
  <issue tracker="bnc" id="1115375">java-*-javadoc installation fails with excludedocs=true</issue>
  <issue tracker="bnc" id="1141780">VUL-0: CVE-2019-7317: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Issue inside Component AWT (libpng)</issue>
  <category>security</category>
  <summary>Security update for java-11-openjdk</summary>
  <rating>important</rating>
  <packager>fstrba</packager>
  <description>This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues:

Security issues fixed:

- CVE-2019-2745: Improved ECC Implementation (bsc#1141784).
- CVE-2019-2762: Exceptional throw cases (bsc#1141782).
- CVE-2019-2766: Improve file protocol handling (bsc#1141789).
- CVE-2019-2769: Better copies of CopiesList (bsc#1141783).
- CVE-2019-2786: More limited privilege usage (bsc#1141787).
- CVE-2019-7317: Improve PNG support options (bsc#1141780).
- CVE-2019-2818: Better Poly1305 support (bsc#1141788).
- CVE-2019-2816: Normalize normalization (bsc#1141785).
- CVE-2019-2821: Improve TLS negotiation (bsc#1141781).
- Certificate validation improvements

Non-security issues fixed:

- Do not fail installation when the manpages are not present (bsc#1115375)
- Backport upstream fix for JDK-8208602: Cannot read PEM X.509 cert if
  there is whitespace after the header or footer (bsc#1140461)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places