Summary: | <dev-java/oracle-{jdk,jre}-bin-1.8.0.141: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Liferer <liferer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | ap, java, jstein, martin.u |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: |
=dev-java/oracle-jdk-bin-1.8.0.144 amd64 x86
=dev-java/oracle-jre-bin-1.8.0.144 amd64 x86
|
Runtime testing required: | --- |
Description
Liferer
2017-07-19 08:26:27 UTC
*** Bug 625628 has been marked as a duplicate of this bug. *** http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10117 CVE-2017-10118 CVE-2017-10121 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 Unsure about the below CVE numbers, they are for Java advanced management console, but is within the same Jave SE risk matrix. CVE-2017-10104 CVE-2017-10145 Just a quick side note: It would be helpful to keep it as a best practice, NOT to apply clever short forms for multiple packages in the bug summary. It hides the bugs for searches coming from "Related Bugs" at https://packages.gentoo.org/packages/dev-java/oracle-jdk-bin in this case. And how is one supposed to search for packages in bugs then anyway? *dev*java*oracle*???*bin* :-) Thanks. Bumped. amd64 and x86 teams, please stabilize. amd64 stable Apologies to the amd64 team who have already stabilised 1.8.0.141 but Oracle have just put out another release one week later. It's not strictly a security release but we need to get this new one stabilised too because you need an account to download older releases. Stable on amd64. x86 stable Old removed. Security team, do your thing. GLSA Request filed. Gentoo Security Padawan ChrisADR This issue was resolved and addressed in GLSA 201709-22 at https://security.gentoo.org/glsa/201709-22 by GLSA coordinator Aaron Bauman (b-man). |