[ubuntu/questing-security] openjdk-21-crac 21.0.11+10-0ubuntu1~25.10.1 (Accepted)

John Breton john.breton at canonical.com
Thu May 28 11:18:28 UTC 2026 

openjdk-21-crac (21.0.11+10-0ubuntu1~25.10.1) questing-security; urgency=medium

  * Upload to Ubuntu 25.10.

openjdk-21-crac (21.0.11+10-0ubuntu1) stonking; urgency=medium

  * New release based on OpenJDK 21.0.11 release, build 10.
    - CVEs:
      + CVE-2026-22016: 8370529: Enhance Path Factories Redux
      + CVE-2026-34282: 8374557: Enhance TLS connection handling
      + CVE-2026-22021: 8371830: Enhance certificate chain validation
      + CVE-2026-22013: 8370615: Improve Kerberos credentialing
      + CVE-2026-23865: 8379158: Update FreeType to 2.14.2
      + CVE-2026-22018: 8370986: Enhance Zip file reading
      + CVE-2026-22007: 8369575: Enhance crypto algorithm support
      + CVE-2026-34268: 8371935: Enhance key generation
  * d/dbg.py: Fix syntax errors in gdb unwinder, do not install unwinder
    for zero, install hotspot unwinder in the correct directory.
    Disable debug traces. Load unwinder in the disabled state.
    Return iterator rather than list from OpenJDKFrameFilter.flatten().
    Remove unused code from NativeMethodInfo.
  * d/t/jtreg-autopkgtest.in: Increase the timeout from 10 to 30 seconds
    on loong64 (zero VM).
  * Ensure that all generated files are up to date:
    - The copyright generator now checks if the current directory contains
      an unpacked OpenJDK tree by verifying the presence of the
      ASSEMBLY_EXCEPTION file.
    - The copyright generator now drops common license text in-memory,
      without running a shell script that modifies the source tree.
    - d/rules: Add targets to generate all files and check that they match
      the ones provided in the source package.
    - d/rules: Add nogen DEB_BUILD_OPTION to disable file regeneration.
  * d/rules: Use '-' instead of '~' in opt version string, swap package
    version and distribution.
  * d/t/jtreg-autopkgtest.in: Increase the timeout from 10 to 30 seconds
    on loong64 (zero VM).
  * Regenerate license and control files.
  * d/rules: Synchornize with_check and any_arches variables with
    openjdk-21.
  * d/p: Synchronize patches with openjdk-21.

openjdk-21-crac (21.0.10+7-0ubuntu1) resolute; urgency=medium

  * New release based on OpenJDK 21.0.10 release, build 7.
    - CVEs:
      + CVE-2026-21945: 8368032: Enhance Certificate Checking.
      + CVE-2026-21932: 8359501: Enhance Handling of URIs.
      + CVE-2026-21933: 8362632: Improve HttpServer Request handling.
      + CVE-2026-21925: 8341496: Improve JMX connections.
  * Update override comments for unstripped-binary-or-object.
    We need to keep symbols for Native Memory Tracking to work.
  * d/{JB-doc.overrides.in, JB-jre-headless.overrides.in}: Add override
    for old FSF copyright address.
  * d/s/lintian-overrides: Override false positive debian-rules-calls-
    nproc. The utility is used to log the number of processors.
  * d/p/jdk-8369450-proposed.patch: drop patch applied upstream.

Date: 2026-05-06 20:49:10.124810+00:00
Changed-By: Vladimir Petko <vladimir.petko at canonical.com>
Signed-By: John Breton <john.breton at canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-21-crac/21.0.11+10-0ubuntu1~25.10.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Questing-changes mailing list