[SECURITY] [DSA 4486-1] openjdk-11 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 4486-1] openjdk-11 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 21 Jul 2019 18:05:03 +0000
Message-id: <[🔎] 20190721180503.if66ac2jombrzzcp@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4486-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 21, 2019                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-11
CVE ID         : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2786
                 CVE-2019-2816 CVE-2019-2818 CVE-2019-2821

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
resulting in information disclosure, denial of service or bypass of
sandbox restrictions. In addition the implementation of elliptic curve
cryptography was modernised.

For the stable distribution (buster), these problems have been fixed in
version 11.0.4+11-1~deb10u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl00pvIACgkQEMKTtsN8
Tjb0rQ/7BFwskB5NCf54hXlW76WBCWSt/9+SgenZkkteJxdJIqIFBleoXLng09cl
B2fiZQqSSRr3ojvUaJH4gyHki/lS7+3PLYH8Wb12xCo1+t8vjJygDCpElDKHrdit
hoReCQKNoN4zymK0Dr+XpzgWReDjnolxh+yV+JLSbW+Q4oqMd52UfNjzGUJgSF8v
DCIVHIuR1fTPSr+wSab+H1UcOU5wMHp0DjijA4WObTlL4xSx9IPBixfmIP8OkFMK
pTJBemYhutgJspumg3nTcgc07PjqL3OPDs9b/86tmJ7Ms1O91ewn+kdQksHDL2Cu
xBEKaotNNK0XhMNhR8dg9uuDfzpL2ca0hSUg/e24N3WIYEzSkN4JLO2AoaFgB0pA
80yItXAPV/yqpYGsfd2OGlzRAhjimmEEz7bSm5k2n91krv5C8Wt9UlxbiW2ZRCqk
f+SohqwPThT29HQTRujLFS8Q5FnsgC4UWR6Zb3GrQmVy4X7bXOdMaod09XB3oteF
q2cBaKH0doEH/oZYIxs1Z4OYyO114Ot25eKh53ebrZd2UQnzmYv7WPVUY4m6nTVX
TFX+LCYBlQy+PWZZjw4nxnVzCWhIi2J8SGVGHxoPfxZzrKG6hRRGGmVZSvlSDcER
C0ObeLGKyQLi8b4ycJOjHdnVxAiZlQRbtWzCr+Ytu7Ak48hDGT4=
=bZ5f
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 4485-1] openjdk-8 security update
Next by Date: [SECURITY] [DSA 4487-1] neovim security update
Previous by thread: [SECURITY] [DSA 4485-1] openjdk-8 security update
Next by thread: [SECURITY] [DSA 4487-1] neovim security update
Index(es):
- Date
- Thread