| Summary: | <dev-java/oracle-jdk-bin-1.8.0.171:1.8, <dev-java/oracle-jre-bin-1.8.0.171:1.8, dev-java/oracle-jdk-bin:9, dev-java/oracle-jre-bin:9: Multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Manuel Ullmann <labre> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | ap, java |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixJAVA | | |
| Whiteboard: | A2 [glsa+ cve] | | |
| Package list: | dev-java/oracle-jdk-bin-1.8.0.172 amd64 x86 | | |
| | dev-java/oracle-jre-bin-1.8.0.172 amd64 x86 | | |
| Runtime testing required: | --- | | |
Description
Manuel Ullmann
2018-04-19 20:28:54 UTC
*** Bug 653562 has been marked as a duplicate of this bug. ***

Java 8 bumps are on the way, thanks to Manuel. Java 9 is now EOL already so we would need to update to 10. I believe java-config needs fixing to handle the version ordering. I barely have time to even think about this right now. :| Let's just get 8 sorted first.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2d827010ce3163e70f8c820e85acc3c6e38ecdd

commit d2d827010ce3163e70f8c820e85acc3c6e38ecdd
Author: Manuel Ullmann <labre@posteo.de>
AuthorDate: 2018-04-19 19:22:36 +0000
Commit: James Le Cuirot <chewi@gentoo.org>
CommitDate: 2018-04-22 23:01:40 +0000

    dev-java/oracle-jre-bin: Security bump to 1.8.0.172

    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    Bug: https://bugs.gentoo.org/653560

 dev-java/oracle-jre-bin/Manifest | 2 +
 .../oracle-jre-bin/oracle-jre-bin-1.8.0.172.ebuild | 220 +++++++++++++++++++++
 2 files changed, 222 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d86a9fce4f78214f024a6923383218ef80ec8ad2

commit d86a9fce4f78214f024a6923383218ef80ec8ad2
Author: Manuel Ullmann <labre@posteo.de>
AuthorDate: 2018-04-19 19:19:10 +0000
Commit: James Le Cuirot <chewi@gentoo.org>
CommitDate: 2018-04-22 23:01:34 +0000

    dev-java/oracle-jdk-bin: Security bump to 1.8.0.172

    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    Bug: https://bugs.gentoo.org/653560
    Closes: https://github.com/gentoo/gentoo/pull/8076

 dev-java/oracle-jdk-bin/Manifest | 14 +
 .../oracle-jdk-bin/oracle-jdk-bin-1.8.0.172.ebuild | 301 +++++++++++++++++++++
 2 files changed, 315 insertions(+)

Java 8 is bumped, arch teams please stabilise.

amd64 stable

x86 stable

@ Maintainer(s): Please cleanup!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=924eaeb0261360612df8780e17e8c432a5e73702

commit 924eaeb0261360612df8780e17e8c432a5e73702
Author: James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2018-04-25 20:43:02 +0000
Commit: James Le Cuirot <chewi@gentoo.org>
CommitDate: 2018-04-25 20:43:02 +0000

    dev-java/oracle-jre-bin: Drop vulnerable 1.8.0.162-r1

    Bug: https://bugs.gentoo.org/653560
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 dev-java/oracle-jre-bin/Manifest | 2 -
 .../oracle-jre-bin-1.8.0.162-r1.ebuild | 220 ---------------------
 2 files changed, 222 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb62a19820abd5e4a1f761765ccac2627ca0197f

commit eb62a19820abd5e4a1f761765ccac2627ca0197f
Author: James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2018-04-25 20:42:12 +0000
Commit: James Le Cuirot <chewi@gentoo.org>
CommitDate: 2018-04-25 20:42:12 +0000

    dev-java/oracle-jdk-bin: Drop vulnerable 1.8.0.162-r1

    Bug: https://bugs.gentoo.org/653560
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 dev-java/oracle-jdk-bin/Manifest | 14 -
 .../oracle-jdk-bin-1.8.0.162-r1.ebuild | 301 ---------------------
 2 files changed, 315 deletions(-)

That's the vulnerable Java 8 versions dropped. I don't have time to deal with 9 right now. If someone could put forward a bump to 10, that would help a lot but I'll still have to deal with java-config.

Both dev-java/oracle-jdk-bin:9 and dev-java/oracle-jre-bin:9 are gone now:

commit 5a3351a36469f37a21d660639fef0f8045ea50cd (HEAD -> master, origin/master, origin/HEAD)
Author: Miroslav Šulc <fordfrog@gentoo.org>
Date: Thu Jan 17 10:50:08 2019 +0100

    dev-java/oracle-jdk-bin-9.0.4: removed (security issues #653560)

    Package-Manager: Portage-2.3.56, Repoman-2.3.12
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

commit 6624b07b579b5507d3bbf62ba4f1ab5c2852e02a
Author: Miroslav Šulc <fordfrog@gentoo.org>
Date: Thu Jan 17 10:22:58 2019 +0100

    dev-java/oracle-jre-bin-9.0.4: removed (security issues #653560)

    Package-Manager: Portage-2.3.56, Repoman-2.3.12
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.

This issue was resolved and addressed in GLSA 201903-14 at https://security.gentoo.org/glsa/201903-14 by GLSA coordinator Aaron Bauman (b-man).