[ubuntu/questing-updates] openjdk-lts 11.0.31+11-1ubuntu1~25.10.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu May 28 12:35:07 UTC 2026
openjdk-lts (11.0.31+11-1ubuntu1~25.10.2) questing-security; urgency=medium
* Upload to Ubuntu 25.10.
* d/rules: Do not validate control files for the old releases.
openjdk-lts (11.0.31+11-1ubuntu1) stonking; urgency=medium
* OpenJDK 11.0.31 release, build 11.
- CVEs:
+ CVE-2026-22016: 8370529: Enhance Path Factories Redux
+ CVE-2026-34282: 8374557: Enhance TLS connection handling
+ CVE-2026-22021: 8371830: Enhance certificate chain validation
+ CVE-2026-22013: 8370615: Improve Kerberos credentialing
+ CVE-2026-23865: 8379158: Update FreeType to 2.14.2
+ CVE-2026-22018: 8370986: Enhance Zip file reading
+ CVE-2026-22007: 8369575: Enhance crypto algorithm support
+ CVE-2026-34268: 8371935: Enhance key generation
* Ensure that all generated files are up to date:
- The copyright generator now checks if the current directory contains
an unpacked OpenJDK tree by verifying the presence of the
ASSEMBLY_EXCEPTION file.
- The copyright generator now drops common license text in-memory,
without running a shell script that modifies the source tree.
- d/rules: Add targets to generate all files and check that they match
the ones provided in the source package.
- d/rules: Add nogen DEB_BUILD_OPTION to disable file regeneration.
* d/rules: Use '-' instead of '~' in opt version string, swap package
version and distribution.
* Add common GPL and Apache license headers to copyright generator.
* d/t/problems.csv: Synchronize problemlist.
* d/dbg.py: Fix syntax errors in gdb unwinder, do not install unwinder
for zero, install hotspot unwinder in the correct directory.
Disable debug traces. Load unwinder in the disabled state.
Return iterator rather than list from OpenJDKFrameFilter.flatten().
Remove unused code from NativeMethodInfo.
* d/p/jdk-8224796.diff: Drop patch applied upstream.
* d/copyright: Regenerate.
openjdk-lts (11.0.30+7-1ubuntu1) resolute; urgency=medium
* OpenJDK 11.0.30 release, build 7.
- CVEs:
+ CVE-2026-21945: 8368032: Enhance Certificate Checking.
+ CVE-2026-21932: 8359501: Enhance Handling of URIs.
+ CVE-2026-21933: 8362632: Improve HttpServer Request handling.
+ CVE-2026-21925: 8341496: Improve JMX connections.
[ Matthias Klose ]
* d/rules: Adjust any_archs.
[ Pushkar Kulkarni ]
* d/t/jtreg-autopkgtest.*: Use locale name "C.UTF-8" on bionic
and focal.
[ Vladimir Petko ]
* d/p/jdk-8354941-proposed.patch: Drop patch applied upstream.
* Update override comments for unstripped-binary-or-object. We need to
keep symbols for Native Memory Tracking to work.
* d/{JB-doc.overrides.in, JB-jre-headless.overrides.in}: Add override
for old FSF copyright address.
* d/s/lintian-overrides: Override false positive debian-rules-calls-
nproc. The utility is used to log the number of processors.
* d/p/jdk-8224796.diff: Apply upstream patch to fix i386 ftbfs
introduced by JDK-8224087 backport.
Date: 2026-04-26 09:28:52.601800+00:00
Changed-By: Vladimir Petko <vladimir.petko at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.31+11-1ubuntu1~25.10.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list