openjdk is vulnerable to information disclosure. It was discovered that the ChaCha20Cipher implementation in the Security component of OpenJDK used non-constant time comparison for comparing tags. A remote attacker could possible use the flaw to leak information about decryption state using the timing information.