Errata ID | 580 |
---|---|
Date | 2020-05-06 |
Source package | openjdk-8 |
Fixed in version | 8u252-b09-1~deb9u1 |
Description | This update addresses the following issues:<br>* Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)<br>* Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755)<br>* Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)<br>* Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)<br>* Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)<br>* Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)<br>* CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)<br>* Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)<br>* Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) |
Additional notes | |
CVE ID | CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2773, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805 |
UCS Bug number | #51206 |