| Package | openjdk-8 |
|---|---|
| Version | 8u472-ga-1~deb9u1 (stretch) |
| Related CVEs | CVE-2025-53057 CVE-2025-53066 |
Two vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in XML external entity injection attacks or incorrect certificate validation.
For Debian 9 stretch, these problems have been fixed in version 8u472-ga-1~deb9u1.
We recommend that you upgrade your openjdk-8 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.