File _patchinfo of Package patchinfo.15250
<patchinfo incident="15250">
<issue tracker="bnc" id="1169511">VUL-0: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Oracle April 2020 CPU</issue>
<issue tracker="bnc" id="1171352">L3: OpenJDK 1.8 cannot read PEM X.509 cert with whitespaces after header or footer</issue>
<issue tracker="bnc" id="1160968">VUL-0: java-1_7_0-openjdk,java-1_8_0-openjdk,java-11-openjdk: Oracle January 2020 CPU</issue>
<issue tracker="bnc" id="1172277">VUL-0: java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm: IBM Security Update April 2020</issue>
<issue tracker="cve" id="2019-2949"/>
<issue tracker="cve" id="2020-2805"/>
<issue tracker="cve" id="2020-2754"/>
<issue tracker="cve" id="2020-2654"/>
<issue tracker="cve" id="2020-2756"/>
<issue tracker="cve" id="2020-2803"/>
<issue tracker="cve" id="2020-2755"/>
<issue tracker="cve" id="2020-2781"/>
<issue tracker="cve" id="2020-2830"/>
<issue tracker="cve" id="2020-2757"/>
<issue tracker="cve" id="2020-2800"/>
<packager>pmonrealgonzalez</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for java-1_8_0-ibm</summary>
<description>This update for java-1_8_0-ibm fixes the following issues:
java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968)
- CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service
- CVE-2020-2754: Forwarded references to Nashorn
- CVE-2020-2755: Improved Nashorn matching
- CVE-2020-2756: Improved mapping of serial ENUMs
- CVE-2020-2757: Less Blocking Array Queues
- CVE-2020-2781: Improved TLS session handling
- CVE-2020-2800: Improved Headings for HTTP Servers
- CVE-2020-2803: Enhanced buffering of byte buffers
- CVE-2020-2805: Enhanced typing of methods
- CVE-2020-2830: Improved Scanner conversions
- CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data
- Added RSA PSS SUPPORT TO IBMPKCS11IMPL
- The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352).
</description>
</patchinfo>