[ubuntu/questing-security] openjdk-17-crac 17.0.18+8-0ubuntu1~25.10 (Accepted)
John Breton
john.breton at canonical.com
Mon Feb 2 17:25:39 UTC 2026
openjdk-17-crac (17.0.18+8-0ubuntu1~25.10) questing-security; urgency=medium
* Upload to Ubuntu 25.10.
openjdk-17-crac (17.0.18+8-0ubuntu1) resolute; urgency=medium
* New release based on OpenJDK 17.0.17 release, build 8.
- CVEs:
+ CVE-2026-21945: 8368032: Enhance Certificate Checking.
+ CVE-2026-21932: 8359501: Enhance Handling of URIs.
+ CVE-2026-21933: 8362632: Improve HttpServer Request handling.
+ CVE-2026-21925: 8341496: Improve JMX connections.
[ Pushkar Kulkarni ]
* d/t/jtreg-autopkgtest.*: use locale name "C.UTF-8" on bionic
and focal.
[ Vladimir Petko ]
* d/p/jdk-8369450-proposed.patch: Drop patch applied upstream.
* Update override comments for unstripped-binary-or-object. We need to
keep symbols for Native Memory Tracking to work.
* d/{JB-doc.overrides.in, JB-jre-headless.overrides.in}: Add override
for old FSF copyright address.
* d/s/lintian-overrides: Override false positive debian-rules-calls-
nproc. The utility is used to log the number of processors.
* d/control: Regenerate.
openjdk-17-crac (17.0.17+10-0ubuntu1) resolute; urgency=medium
* New release based on OpenJDK 17.0.17 release, build 10.
- CVEs:
+ CVE-2025-53057, 8360937: Enhance certificate handling.
+ CVE-2025-53066, 8356294: Enhance Path Factories.
* d/control: enable building with gcc-15.
* d/t/jtreg-autopkgtest.*: Force utf-8 encoding.
* d/rules: sync with d/rules from openjdk-17.
* d/control*,watch.in, rules: support to regenerate d/control.
Date: 2026-01-27 23:05:10.401124+00:00
Changed-By: Vladimir Petko <vladimir.petko at canonical.com>
Signed-By: John Breton <john.breton at canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-17-crac/17.0.18+8-0ubuntu1~25.10
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list