{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_8_0-openjdk":"1.8.0.282-lp152.2.9.1","java-1_8_0-openjdk-accessibility":"1.8.0.282-lp152.2.9.1","java-1_8_0-openjdk-demo":"1.8.0.282-lp152.2.9.1","java-1_8_0-openjdk-devel":"1.8.0.282-lp152.2.9.1","java-1_8_0-openjdk-headless":"1.8.0.282-lp152.2.9.1","java-1_8_0-openjdk-javadoc":"1.8.0.282-lp152.2.9.1","java-1_8_0-openjdk-src":"1.8.0.282-lp152.2.9.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"java-1_8_0-openjdk","purl":"pkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.282-lp152.2.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_8_0-openjdk fixes the following issues:\n\n- Update to version jdk8u282 (icedtea 3.18.0)\n  * January 2021 CPU (bsc#1181239)\n  * Security fixes\n    + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803)\n  * Import of OpenJDK 8 u282 build 01\n    + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/\n      /bug6738668.java fails under Linux\n    + JDK-8025936: Windows .pdb and .map files does not have proper\n      dependencies setup\n    + JDK-8030350: Enable additional compiler warnings for GCC\n    + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/\n      /DisposeFrameOnDragTest.java fails by Timeout on Windows\n    + JDK-8036122: Fix warning 'format not a string literal'\n    + JDK-8051853: new\n      URI('x/').resolve('..').getSchemeSpecificPart() returns null!\n    + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/\n      /DefaultNoDrop.java locks on Windows\n    + JDK-8134632: Mark javax/sound/midi/Devices/\n      /InitializationHang.java as headful\n    + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;'\n      treated by JVM as an equivalent\n    + JDK-8148916: Mark bug6400879.java as intermittently failing\n    + JDK-8148983: Fix extra comma in changes for JDK-8148916\n    + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java\n      fails\n    + JDK-8165808: Add release barriers when allocating objects\n      with concurrent collection\n    + JDK-8185003: JMX: Add a version of\n      ThreadMXBean.dumpAllThreads with a maxDepth argument\n    + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on\n      windows with VS2017\n    + JDK-8207766: [testbug] Adapt tests for Aix.\n    + JDK-8212070: Introduce diagnostic flag to abort VM on failed\n      JIT compilation\n    + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash\n    + JDK-8215727: Restore JFR thread sampler loop to old /\n      previous behavior\n    + JDK-8220657: JFR.dump does not work when filename is set\n    + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing\n    + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java\n      fails with access issues and OOM\n    + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes()\n      can be quicker for self thread\n    + JDK-8231968: getCurrentThreadAllocatedBytes default\n      implementation s/b getThreadAllocatedBytes\n    + JDK-8232114: JVM crashed at imjpapi.dll in native code\n    + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect\n      numbers for Compiler area\n    + JDK-8234339: replace JLI_StrTok in java_md_solinux.c\n    + JDK-8238448: RSASSA-PSS signature verification fail when\n      using certain odd key sizes\n    + JDK-8242335: Additional Tests for RSASSA-PSS\n    + JDK-8244225: stringop-overflow warning on strncpy call from\n      compile_the_world_in\n    + JDK-8245400: Upgrade to LittleCMS 2.11\n    + JDK-8248214: Add paddings for TaskQueueSuper to reduce\n      false-sharing cache contention\n    + JDK-8249176: Update GlobalSignR6CA test certificates\n    + JDK-8250665: Wrong translation for the month name of May in\n      ar_JO,LB,SY\n    + JDK-8250928: JFR: Improve hash algorithm for stack traces\n    + JDK-8251469: Better cleanup for\n      test/jdk/javax/imageio/SetOutput.java\n    + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData\n      should not be in make/mapfiles/libawt_xawt/mapfile-vers\n    + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider\n      rather than JRE\n    + JDK-8252395: [8u] --with-native-debug-symbols=external\n      doesn't include debuginfo files for binaries\n    + JDK-8252497: Incorrect numeric currency code for ROL\n    + JDK-8252754: Hash code calculation of JfrStackTrace is\n      inconsistent\n    + JDK-8252904: VM crashes when JFR is used and JFR event class\n      is transformed\n    + JDK-8252975: [8u] JDK-8252395 breaks the build for\n      --with-native-debug-symbols=internal\n    + JDK-8253284: Zero OrderAccess barrier mappings are incorrect\n    + JDK-8253550: [8u] JDK-8252395 breaks the build for make\n      STRIP_POLICY=no_strip\n    + JDK-8253752: test/sun/management/jmxremote/bootstrap/\n      /RmiBootstrapTest.java fails randomly\n    + JDK-8254081: java/security/cert/PolicyNode/\n      /GetPolicyQualifiers.java fails due to an expired certificate\n    + JDK-8254144: Non-x86 Zero builds fail with return-type\n      warning in os_linux_zero.cpp\n    + JDK-8254166: Zero: return-type warning in\n       zeroInterpreter_zero.cpp\n    + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/\n      /WorkerDeadlockTest.java fails\n    + JDK-8255003: Build failures on Solaris\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2021:0374-1","modified":"2021-03-03T02:13:54Z","published":"2021-03-03T02:13:54Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IE6Q2IB2YXUXIWFBPF2P2FIHVNJLBUPC/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181239"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14803"}],"related":["CVE-2020-14803"],"summary":"Security update for java-1_8_0-openjdk","upstream":["CVE-2020-14803"]}