The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix: * OpenJDK: Incomplete deserialization class filtering in ObjectInputStream * OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor * OpenJDK: Insufficient URI checks in the XSLT TransformerImpl * OpenJDK: Unexpected exception thrown in regex Pattern * OpenJDK: Incorrect marking of writeable fields * OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization * OpenJDK: Incorrect IdentityHashMap size checks during deserialization * OpenJDK: Incorrect access checks in XMLEntityManager * OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner * OpenJDK: Array indexing issues in LIRGenerator * OpenJDK: Excessive resource use when reading JAR manifest attributes * OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream * OpenJDK: Excessive memory allocation in BMPImageReader * OpenJDK: Integer overflow in BMPImageReader * OpenJDK: Excessive memory allocation in TIFF*Decompressor For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.