[ubuntu/questing-updates] openjdk-17-crac 17.0.19+10-0ubuntu1~25.10.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu May 28 12:35:03 UTC 2026 

openjdk-17-crac (17.0.19+10-0ubuntu1~25.10.1) questing-security; urgency=medium

  * Upload to Ubuntu 25.10.

openjdk-17-crac (17.0.19+10-0ubuntu1) stonking; urgency=medium

  * New release based on OpenJDK 17.0.19 release, build 10.
    - CVEs:
      + CVE-2026-22016: 8370529: Enhance Path Factories Redux
      + CVE-2026-34282: 8374557: Enhance TLS connection handling
      + CVE-2026-22021: 8371830: Enhance certificate chain validation
      + CVE-2026-22013: 8370615: Improve Kerberos credentialing
      + CVE-2026-23865: 8379158: Update FreeType to 2.14.2
      + CVE-2026-22018: 8370986: Enhance Zip file reading
      + CVE-2026-22007: 8369575: Enhance crypto algorithm support
      + CVE-2026-34268: 8371935: Enhance key generation
  * Ensure that all generated files are up to date:
    - The copyright generator now checks if the current directory contains
      an unpacked OpenJDK tree by verifying the presence of the
      ASSEMBLY_EXCEPTION file.
    - The copyright generator now drops common license text in-memory,
      without running a shell script that modifies the source tree.
    - d/rules: Add targets to generate all files and check that they match
      the ones provided in the source package.
    - d/rules: Add nogen DEB_BUILD_OPTION to disable file regeneration.
  * d/rules: Use '-' instead of '~' in opt version string, swap package
    version and distribution.
  * d/dbg.py: Fix syntax errors in gdb unwinder, do not install unwinder
    for zero, install hotspot unwinder in the correct directory.
    Disable debug traces. Load unwinder in the disabled state.
    Return iterator rather than list from OpenJDKFrameFilter.flatten().
    Remove unused code from NativeMethodInfo.
  * d/p: Refresh patches.
  * d/copyright: Regenerate.
  * d/rules: Synchronize with_check condition with openjdk-17.

openjdk-17-crac (17.0.18+8-0ubuntu1) resolute; urgency=medium

  * New release based on OpenJDK 17.0.17 release, build 8.
    - CVEs:
      + CVE-2026-21945: 8368032: Enhance Certificate Checking.
      + CVE-2026-21932: 8359501: Enhance Handling of URIs.
      + CVE-2026-21933: 8362632: Improve HttpServer Request handling.
      + CVE-2026-21925: 8341496: Improve JMX connections.

  [ Pushkar Kulkarni ]
  * d/t/jtreg-autopkgtest.*: use locale name "C.UTF-8" on bionic
    and focal.

  [ Vladimir Petko ]
  * d/p/jdk-8369450-proposed.patch: Drop patch applied upstream.
  * Update override comments for unstripped-binary-or-object. We need to
    keep symbols for Native Memory Tracking to work.
  * d/{JB-doc.overrides.in, JB-jre-headless.overrides.in}: Add override
    for old FSF copyright address.
  * d/s/lintian-overrides: Override false positive debian-rules-calls-
    nproc. The utility is used to log the number of processors.
  * d/control: Regenerate.

Date: 2026-05-06 20:44:10.235916+00:00
Changed-By: Vladimir Petko <vladimir.petko at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-17-crac/17.0.19+10-0ubuntu1~25.10.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Questing-changes mailing list