Fedora: 2020-5708dd5b87 Moderate: OpenJDK 8 Security Fixes

The OpenJDK runtime environment 8.

New in release OpenJDK 8u272 (2020-10-20):

=========================================== Full versions of these release

notes can be found at: * https://mail.openjdk.org/pipermail/jdk8u-dev/2020-October/012817.html *

https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt ##

New features * JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 ##

Security fixes - JDK-8233624: Enhance JNI linkage - JDK-8236196: Improve

string pooling - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class

- JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts - JDK-8237995,

CVE-2020-14782: Enhance certificate processing - JDK-8240124: Better VM

Interning - JDK-8241114, CVE-2020-14792: Better range handling -JDK-8242680, CVE-2020-14796: Improved URI Support - JDK-8242685,

CVE-2020-14797: Better Path Validation - JDK-8242695, CVE-2020-14798: Enhanced

buffer support - JDK-8243302: Advanced class supports - JDK-8244136,

CVE-2020-14803: Improved Buffer supports - JDK-8244479: Further constrain

certificates - JDK-8244955: Additional Fix for JDK-8240124 - JDK-8245407:

Enhance zoning of times - JDK-8245412: Better class definitions -JDK-8245417: Improve certificate chain handling - JDK-8248574: Improve jpeg

processing - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit -JDK-8253019: Enhanced JPEG decoding ## JDK-8254177: US/Pacific-New Zone name

removed as part of tzdata2020b Following JDK's update to tzdata2020b, the long-obsolete files pacificnew and systemv have been removed. As a result, the

"US/Pacific-New" zone name declared in the pacificnew data file is no longer

available for use. Information regarding the update can be viewed at

https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html

* Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-0

- Temporarily roll back tzdata build requirement while tzdata update is still in testing

* Sat Oct 17 2020 Andrew Hughes - 1:1.8.0.272.b10-0

- Update to aarch64-shenandoah-jdk8u272-b10.

- Switch to GA mode for final release.

- Update release notes for 8u272 release.

- Add backport of JDK-8254177 to update to tzdata 2020b

- Require tzdata 2020b due to resource changes in JDK-8254177

- Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302

- Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955

su -c 'dnf upgrade --advisory FEDORA-2020-5708dd5b87' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/