[ubuntu/questing-updates] openjdk-17 17.0.19+10-1~25.10.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu May 28 05:31:03 UTC 2026 

openjdk-17 (17.0.19+10-1~25.10.2) questing-security; urgency=medium

  * Upload to Ubuntu 25.10.
  * d/rules: Do not validate control files for the old releases.

openjdk-17 (17.0.19+10-1) unstable; urgency=medium

  * OpenJDK 17.0.19 release, build 10.
    - CVEs:
      + CVE-2026-22016: 8370529: Enhance Path Factories Redux
      + CVE-2026-34282: 8374557: Enhance TLS connection handling
      + CVE-2026-22021: 8371830: Enhance certificate chain validation
      + CVE-2026-22013: 8370615: Improve Kerberos credentialing
      + CVE-2026-23865: 8379158: Update FreeType to 2.14.2
      + CVE-2026-22018: 8370986: Enhance Zip file reading
      + CVE-2026-22007: 8369575: Enhance crypto algorithm support
      + CVE-2026-34268: 8371935: Enhance key generation
  * d/rules: Check generated files only on amd64. This resolves riscv64
    ftbfs, as some architectures change with_check flag.
  * d/t/problems.csv: Fix typo in loong64 excluded tests lists.
  * Add common GPL and Apache license headers to copyright generator.
  * d/copyright: Regenerate.

openjdk-17 (17.0.19~9ea-2) unstable; urgency=medium

  * Ensure that all generated files are up to date:
    - The copyright generator now checks if the current directory contains
      an unpacked OpenJDK tree by verifying the presence of the
      ASSEMBLY_EXCEPTION file.
    - The copyright generator now drops common license text in-memory,
      without running a shell script that modifies the source tree.
    - d/rules: Add targets to generate all files and check that they match
      the ones provided in the source package.
    - d/rules: Add nogen DEB_BUILD_OPTION to disable file regeneration.
  * d/rules: Use '-' instead of '~' in opt version string, swap package
    version and distribution.

openjdk-17 (17.0.19~9ea-1) unstable; urgency=medium

  * OpenJDK 17.0.19 early access, build 9.
  * d/rules: Revert replace '~' with '-' in the optional version string.
    This should be resolved upstream.
  * d/t/problems.csv: Update problem list.

openjdk-17 (17.0.19~6ea-1) unstable; urgency=medium

  * OpenJDK 17.0.19 early access, build 6.
  * d/rules: Replace '~' with '-' in the optional version string.
  * d/dbg.py: Fix syntax errors in gdb unwinder, do not install unwinder
    for zero, install hotspot unwinder in the correct directory.
    Disable debug traces. Load unwinder in the disabled state.
    Return iterator rather than list from OpenJDKFrameFilter.flatten().
    Remove unused code from NativeMethodInfo.

openjdk-17 (17.0.18+8-1) unstable; urgency=medium

  * OpenJDK 17.0.18 release, build 8.
   - CVEs:
      + CVE-2026-21945: 8368032: Enhance Certificate Checking.
      + CVE-2026-21932: 8359501: Enhance Handling of URIs.
      + CVE-2026-21933: 8362632: Improve HttpServer Request handling.
      + CVE-2026-21925: 8341496: Improve JMX connections.

Date: 2026-04-26 09:32:30.877535+00:00
Changed-By: Vladimir Petko <vladimir.petko at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.19+10-1~25.10.2
-------------- next part --------------
Sorry, changesfile not available.

More information about the Questing-changes mailing list