Summary: | <dev-java/openjdk{,-jre-bin,-bin}-8.272_p10: Multiple vulnerabilities (CVE-2020-{14779,14781,14782,14792,14796,14797,14798,14803}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gyakovlev, java |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://openjdk.java.net/groups/vulnerability/advisories/2020-10-20 | ||
Whiteboard: | A4 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 750830 |
Description
John Helmert III
2020-10-23 14:16:21 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8207cdab845fb91d12e7a8c1f95b6d7a087029c commit d8207cdab845fb91d12e7a8c1f95b6d7a087029c Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2020-10-23 22:23:18 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2020-10-23 22:24:53 +0000 dev-java/openjdk-jre-bin: bump to 8.272_p10 Bug: https://bugs.gentoo.org/750833 Package-Manager: Portage-3.0.8, Repoman-3.0.2 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> dev-java/openjdk-jre-bin/Manifest | 1 + .../openjdk-jre-bin-8.272_p10.ebuild | 80 ++++++++++++++++++++++ 2 files changed, 81 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d6575b3d08ddc912897372d3511ea2abaf998c9 commit 5d6575b3d08ddc912897372d3511ea2abaf998c9 Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2020-10-23 22:19:02 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2020-10-23 22:19:39 +0000 dev-java/openjdk-bin: bump to 8.272_p10 arm not available yet, will re-add later. Bug: https://bugs.gentoo.org/750833 Package-Manager: Portage-3.0.8, Repoman-3.0.2 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> dev-java/openjdk-bin/Manifest | 3 + dev-java/openjdk-bin/openjdk-bin-8.272_p10.ebuild | 91 +++++++++++++++++++++++ 2 files changed, 94 insertions(+) I already bumped source versions of openjdk:8 and openjdk:11 yesterday. so what's left is openjdk-bin:11 and openjdk-bin:8 on arm, but all of that unstable ~ anyway. we can proceed with stabilization of 8.272 bin except x86, and source on amd64 arm64 ppc64 x86 openjdk-bin:11 and openjdk-jre-bin:11 bumped, but should remain unstable ofc. old versions will be cleaned up by the end of next week. only 1 left is openjdk-bin:8 arm, no tarball yet, it's normal for it to arrive later. x86 stable arm64 done ppc64 done amd64 done all arches done cleanup done, vulnerable versions gone. Resetting sanity check; package list is empty or all packages are done. This issue was resolved and addressed in GLSA 202101-19 at https://security.gentoo.org/glsa/202101-19 by GLSA coordinator Aaron Bauman (b-man). |