GCVE-VVD-MAGEIA-2019-302

The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl (Networking, 8218573). (CVE-2019-2945) Improper handling of Kerberos proxy credentials (Kerberos, 8220302). (CVE-2019-2949) NULL pointer dereference in DrawGlyphList (2D, 8222690). (CVE-2019-2962) Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684). (CVE-2019-2964) Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505). (CVE-2019-2973) Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518). (CVE-2019-2975) Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892). (CVE-2019-2978) Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532). (CVE-2019-2981) Unexpected exception thrown during Font object deserialization (Serialization, 8224915). (CVE-2019-2983) Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286). (CVE-2019-2987) Integer overflow in bounds check in SunGraphics2D (2D, 8225292). (CVE-2019-2988) Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298). (CVE-2019-2989) Excessive memory allocation in CMap when reading TrueType font (2D, 8225597). (CVE-2019-2992) Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765). (CVE-2019-2999)