-
Bug
-
Resolution: Done
-
Major
-
6.4.12.GA
-
None
-
None
-
2019 Week 44-46 (from Okt 28)
Re-build / ship freshmaker images to take care of the multiple openjdk CVE fixes :
- OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos,
8220302) (CVE-2019-2949)
- OpenJDK: Unexpected exception thrown during regular expression processing
in Nashorn (Scripting, 8223518) (CVE-2019-2975)
- OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler
(Networking, 8223892) (CVE-2019-2978)
- OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection
(Networking, 8225298) (CVE-2019-2989)
- OpenJDK: Missing restrictions on use of custom SocketImpl (Networking,
8218573) (CVE-2019-2945)
- OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690)
(CVE-2019-2962)
- OpenJDK: Unexpected exception thrown by Pattern processing crafted
regular expression (Concurrency, 8222684) (CVE-2019-2964)
- OpenJDK: Unexpected exception thrown by XPathParser processing crafted
XPath expression (JAXP, 8223505) (CVE-2019-2973)
- OpenJDK: Unexpected exception thrown by XPath processing crafted XPath
expression (JAXP, 8224532) (CVE-2019-2981)
- OpenJDK: Unexpected exception thrown during Font object deserialization
(Serialization, 8224915) (CVE-2019-2983)
- OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler
(2D, 8225286) (CVE-2019-2987)
- OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292)
(CVE-2019-2988)
- OpenJDK: Excessive memory allocation in CMap when reading TrueType font
(2D, 8225597) (CVE-2019-2992)
- OpenJDK: Insufficient filtering of HTML event attributes in Javadoc
(Javadoc, 8226765) (CVE-2019-2999)