Update Java from 1.8.0_131 to 1.8.0_141 #437
Merged
+1
−1
Commits on Jul 26, 2017
-
java: Update version from 1.8.0_131 to 1.8.0_141
From [1][2][3][4]: > This release contains fixes for security vulnerabilities described in > the Oracle Java SE Critical Patch Update Advisory. For a more complete > list of the bug fixes included in this release, see the JDK 8u141 Bug > Fixes page. The Debian change-log for OpenJDK [5] lists the issues. > * Security fixes from 8u141: > - CVE-2017-10102, S8163958: Improved garbage collection. > - CVE-2017-10053, S8169209: Improved image post-processing steps. > - CVE-2017-10067, S8169392: Additional jar validation steps. > - CVE-2017-10081, S8170966: Right parenthesis issue. > - CVE-2017-10078, S8171539: Better script accessibility for JavaScript. > - CVE-2017-10087, S8172204: Better Thread Pool execution. > - CVE-2017-10089, S8172461: Service Registration Lifecycle. > - CVE-2017-10090, S8172465: Better handling of channel groups. > - CVE-2017-10096, S8172469: Transform Transformer Exceptions. > - CVE-2017-10101, S8173286: Better reading of text catalogs. > - CVE-2017-10107, S8173697: Less Active Activations. > - CVE-2017-10074, S8173770: Image conversion improvements. > - CVE-2017-10110, S8174098: Better image fetching. > - CVE-2017-10108, S8174105: Better naming attribution. > - CVE-2017-10109, S8174113: Better sourcing of code. > - CVE-2017-10115, S8175106: Higher quality DSA operations. > - CVE-2017-10118, S8175110: Higher quality ECDSA operations. > - CVE-2017-10116, S8176067: Proper directory lookup processing. > - CVE-2017-10135, S8176760: Better handling of PKCS8 material. > - CVE-2017-10176, S8178135: Additional elliptic curve support. > - CVE-2017-10193, S8179101: Improve algorithm constraints implementation. > - CVE-2017-10198, S8179998: Clear certificate chain connections. > - S8174770: Check registry registration location. > - S8174873: Improved certificate procesing. > - S8176055: JMX diagnostic improvements. > - S8176536: Improved algorithm constraints checking. > - S8181420: PPC: Image conversion improvements. > - S8182054: Improve wsdl support. > - S8184185: Rearrange MethodHandle arrangements. > > * CVE-2017-10243 is also fixed in 8u141-b15 (S8182054). [1] https://www.oracle.com/technetwork/java/javase/downloads/index.html [2] https://www.oracle.com/technetwork/java/javase/8u141-relnotes-3720385.html [3] https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html [4] https://www.oracle.com/technetwork/java/javase/2col/8u141-bugfixes-3720387.html [5] http://metadata.ftp-master.debian.org/changelogs/main/o/openjdk-8/openjdk-8_8u141-b15-3_changelog
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.