[Buildroot] [PATCH 1/2] package/openjdk{-bin}: security bump 11.x to version 11.0.14.1+1

Peter Korsgaard peter at korsgaard.com
Sun May 22 20:22:40 UTC 2022 

>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 >   - JDK-8217375: jarsigner breaks old signature with long lines in manifest
 >   - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside
 >   - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
 >   - JDK-8268488: More valuable DerValues
 >   - JDK-8268494: Better inlining of inlined interfaces
 >   - JDK-8268512: More content for ContentInfo
 >   - JDK-8268795: Enhance digests of Jar files
 >   - JDK-8268801: Improve PKCS attribute handling
 >   - JDK-8268813, CVE-2022-21283: Better String matching
 >   - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
 >   - JDK-8269944: Better HTTP transport redux
 >   - JDK-8270386, CVE-2022-21291: Better verification of scan methods
 >   - JDK-8270392, CVE-2022-21293: Improve String constructions
 >   - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
 >   - JDK-8270492, CVE-2022-21282: Better resolution of URIs
 >   - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
 >   - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
 >   - JDK-8270952, CVE-2022-21277: Improve TIFF file handling
 >   - JDK-8271962: Better TrueType font loading
 >   - JDK-8271968: Better canonical naming
 >   - JDK-8271987: Manifest improved manifest entries
 >   - JDK-8272014, CVE-2022-21305: Better array indexing
 >   - JDK-8272026, CVE-2022-21340: Verify Jar Verification
 >   - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
 >   - JDK-8272272: Enhance jcmd communication
 >   - JDK-8272462: Enhance image handling
 >   - JDK-8273290: Enhance sound handling
 >   - JDK-8273756, CVE-2022-21360: Enhance BMP image support
 >   - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
 >   - JDK-8274096, CVE-2022-21366: Improve decoding of image files
 >   - JDK-8279541: Improve HarfBuzz

 > For more details, see the announcement:

 > https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-January/011643.html
 > https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-February/012348.html

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2022.02.x, thanks.

-- 
Bye, Peter Korsgaard

More information about the buildroot mailing list