File _patchinfo of Package patchinfo.23202

<patchinfo incident="23202">
  <issue tracker="cve" id="2022-21360"/>
  <issue tracker="cve" id="2022-21365"/>
  <issue tracker="cve" id="2022-21291"/>
  <issue tracker="cve" id="2022-21277"/>
  <issue tracker="cve" id="2022-21248"/>
  <issue tracker="cve" id="2022-21294"/>
  <issue tracker="cve" id="2022-21282"/>
  <issue tracker="cve" id="2022-21296"/>
  <issue tracker="cve" id="2022-21299"/>
  <issue tracker="cve" id="2022-21341"/>
  <issue tracker="cve" id="2022-21340"/>
  <issue tracker="cve" id="2022-21366"/>
  <issue tracker="cve" id="2022-21293"/>
  <issue tracker="cve" id="2022-21305"/>
  <issue tracker="bnc" id="1194935">VUL-0: CVE-2022-21293: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incomplete checks of StringBuffer and StringBuilder during deserialization</issue>
  <issue tracker="bnc" id="1194926">VUL-0: CVE-2022-21248: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incomplete deserialization class filtering in ObjectInputStream</issue>
  <issue tracker="bnc" id="1194925">VUL-0: CVE-2022-21291: java-17-openjdk,java-11-openjdk: Incorrect marking of writeable fields</issue>
  <issue tracker="bnc" id="1194939">VUL-0: CVE-2022-21305: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Array indexing issues in LIRGenerator</issue>
  <issue tracker="bnc" id="1194941">VUL-0: CVE-2022-21341: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream</issue>
  <issue tracker="bnc" id="1194928">VUL-0: CVE-2022-21365: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Integer overflow in BMPImageReader</issue>
  <issue tracker="bnc" id="1194932">VUL-0: CVE-2022-21296: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect access checks in XMLEntityManager</issue>
  <issue tracker="bnc" id="1194927">VUL-0: CVE-2022-21366: java-17-openjdk,java-11-openjdk: Excessive memory allocation in TIFF*Decompressor</issue>
  <issue tracker="bnc" id="1194931">VUL-0: CVE-2022-21299: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Infinite loop related to incorrect handling of newlines in XMLEntityScanner</issue>
  <issue tracker="bnc" id="1194934">VUL-0: CVE-2022-21294: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Incorrect IdentityHashMap size checks during deserialization</issue>
  <issue tracker="bnc" id="1194933">VUL-0: CVE-2022-21282: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Insufficient URI checks in the XSLT TransformerImpl</issue>
  <issue tracker="bnc" id="1194930">VUL-0: CVE-2022-21277: java-17-openjdk,java-11-openjdk: Incorrect reading of TIFF files in TIFFNullDecompressor</issue>
  <issue tracker="bnc" id="1194940">VUL-0: CVE-2022-21340: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Excessive resource use when reading JAR manifest attributes</issue>
  <issue tracker="bnc" id="1194929">VUL-0: CVE-2022-21360: java-17-openjdk,java-11-openjdk,java-1_8_0-openjdk,java-1_7_0-openjdk: Excessive memory allocation in BMPImageReader</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-1_8_0-openj9</summary>
  <description>This update for java-1_8_0-openj9 fixes the following issues:

Update to OpenJDK 8u322 build 04 with OpenJ9 0.30.0:

- Fixing the following vulnerabilities:
  CVE-2022-21248 (bsc#1194926), CVE-2022-21277 (bsc#1194930),
  CVE-2022-21282 (bsc#1194933), CVE-2022-21291 (bsc#1194925),
  CVE-2022-21293 (bsc#1194935), CVE-2022-21294 (bsc#1194934),
  CVE-2022-21296 (bsc#1194932), CVE-2022-21299 (bsc#1194931),
  CVE-2022-21305 (bsc#1194939), CVE-2022-21340 (bsc#1194940),
  CVE-2022-21341 (bsc#1194941), CVE-2022-21360 (bsc#1194929),
  CVE-2022-21365 (bsc#1194928), CVE-2022-21366 (bsc#1194927).
</description>
</patchinfo>
openSUSE Build Service is sponsored by