ELSA-2023-4177 -- Oracle java-17-openjdkID: oval:org.secpod.oval:def:1506811 | Date: (C)2023-08-08 (M)2024-02-19 |
Class: PATCH | Family: unix |
[1:17.0.8.0.7-2.0.1] - OpenJDK: ZIP file parsing infinite loop - OpenJDK: weakness in AES implementation - OpenJDK: improper handling of slash characters in URI-to-path conversion - harfbuzz: OpenJDK: O growth via consecutive marks - OpenJDK: HTTP client insufficient file name validation - OpenJDK: modulo operator array indexing issue - OpenJDK: array indexing integer overflow issue - Add Oracle vendor bug URL [Orabug: 34340155] [1:17.0.8.0.6-0.1.ea] - Update to jdk-17.0.8+6 - Sync the copy of the portable specfile with the latest update - Resolves: rhbz#2217716 [1:17.0.8.0.1-0.1.ea] - Update to jdk-17.0.8+1 - Update release notes to 17.0.8+1 - Switch to EA mode - Drop local inclusion of JDK-8274864 JDK-8305113 as they are included in 17.0.8+1 - Bump bundled LCMS version to 2.15 as in jdk-17.0.8+1. - Bump bundled HarfBuzz version to 7.0.1 as in jdk-17.0.8+1 - Use tapsets from the misc tarball - Introduce "prelease" for the portable release versioning, to handle EA builds - Make sure root installation directory is created first - Use in-place substitution for all but the first of the tapset changes - Related: rhbz#2217716 [1:17.0.7.0.7-4] - Introduce vm_variant global for consistency with future JDK builds - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Exclude classes_nocoops.jsa on i686 and arm32 - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Following JDK-8005165, class data sharing can be enabled on all JIT architectures - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Fix packaging of CDS archives - Resolves: rhbz#2203412