Overview

File _patchinfo of Package patchinfo.39821

<patchinfo incident="39821">
  <issue tracker="cve" id="2025-30749"/>
  <issue tracker="cve" id="2025-50059"/>
  <issue tracker="cve" id="2025-30761"/>
  <issue tracker="cve" id="2025-50106"/>
  <issue tracker="cve" id="2025-30754"/>
  <issue tracker="bnc" id="1246595">VUL-0: CVE-2025-30749: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: openjdk: several scenarios can lead to heap corruption</issue>
  <issue tracker="bnc" id="1246598">VUL-0: CVE-2025-30754: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: openjdk: incomplete handshake may lead to weakening TLS protections</issue>
  <issue tracker="bnc" id="1246575">VUL-0: CVE-2025-50059: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)</issue>
  <issue tracker="bnc" id="1246584">VUL-0: CVE-2025-50106: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)</issue>
  <issue tracker="bnc" id="1246580">VUL-0: CVE-2025-30761: java-10-openjdk,java-11-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-9-openjdk: Improve scripting supports (Oracle CPU 2025-07)</issue>
  <packager>fstrba</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for java-11-openjdk</summary>
  <description>This update for java-11-openjdk fixes the following issues:

Upgrade to upstream tag jdk-11.0.28+6 (July 2025 CPU):

Security fixes:

- CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) 
- CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) 
- CVE-2025-30761: Improve scripting supports (bsc#1246580) 
- CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) 
- CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) 

Changelog:

    + JDK-8026976: ECParameters, Point does not match field size
    + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong
      value
    + JDK-8231058: VerifyOops crashes with assert(_offset &gt;= 0)
      failed: offset for non comment?
    + JDK-8232625: HttpClient redirect policy should be more
      conservative
    + JDK-8258483: [TESTBUG] gtest
      CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is
      too small
    + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are
      problematic
    + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
    + JDK-8301753: AppendFile/WriteFile has differences between make
      3.81 and 4+
    + JDK-8303770: Remove Baltimore root certificate expiring in May
      2025
    + JDK-8315380: AsyncGetCallTrace crash in frame::safe_for_sender
    + JDK-8327476: Upgrade JLine to 3.26.1
    + JDK-8328957: Update PKCS11Test.java to not use hardcoded path
    + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to
      v3.1
    + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm
      gtest fails on ppc64 based platforms
    + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the
      getKeyChar method of the AccessBridge class
    + JDK-8345133: Test sun/security/tools/jarsigner/
      /TsacertOptionTest.java failed: Warning found in stdout
    + JDK-8345625: Better HTTP connections
    + JDK-8346887: DrawFocusRect() may cause an assertion failure
    + JDK-8347629: Test FailOverDirectExecutionControlTest.java
      fails with -Xcomp
    + JDK-8348110: Update LCMS to 2.17
    + JDK-8348596: Update FreeType to 2.13.3
    + JDK-8348598: Update Libpng to 1.6.47
    + JDK-8348989: Better Glyph drawing
    + JDK-8349111: Enhance Swing supports
    + JDK-8349594: Enhance TLS protocol support
    + JDK-8350469: [11u] Test AbsPathsInImage.java fails
      - JDK-8239429 public clone
    + JDK-8350498: Remove two Camerfirma root CA certificates
    + JDK-8350991: Improve HTTP client header handling
    + JDK-8351099: Bump update version of OpenJDK: 11.0.28
    + JDK-8351422: Improve scripting supports
    + JDK-8352302: Test sun/security/tools/jarsigner/
      /TimestampCheck.java is failing
    + JDK-8352716: (tz) Update Timezone Data to 2025b
    + JDK-8356096: ISO 4217 Amendment 179 Update
    + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS
    + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
    + JDK-8360147: Better Glyph drawing redux
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places