Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 784611 (CVE-2021-2161, CVE-2021-2163)

Summary: <dev-java/openjdk{,-bin,-jre-bin}-{8.292_p10,11.0.11_p9}: multiple vulnerabilities (CVE-2021-{2161,2163})
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: emily.rowlands+gentoo, gyakovlev, java
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://openjdk.java.net/groups/vulnerability/advisories/2021-04-20
Whiteboard: B3 [glsa?]
Package list:
dev-java/openjdk-8.292_p10 dev-java/openjdk-bin-8.292_p10 amd64 arm64 ppc64 dev-java/openjdk-jre-bin-8.292_p10 amd64
Runtime testing required: ---
Bug Depends on: 776676    
Bug Blocks:    

Description John Helmert III gentoo-dev Security 2021-04-21 00:33:35 UTC
Seems like no details yet, but fixes are out according to the ML advisory (https://mail.openjdk.java.net/pipermail/vuln-announce/2021-April/000011.html):

These issues have been addressed, as applicable, in the following releases:
  7u301, 8u292, 11.0.11, 13.0.7, 15.0.3, and 16.0.1

Please bump.
Comment 1 Larry the Git Cow gentoo-dev 2021-04-25 15:13:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f9137bf0ae7602c806a754cc55063c7363f7bd9

commit 5f9137bf0ae7602c806a754cc55063c7363f7bd9
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2021-04-25 14:51:01 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2021-04-25 15:06:52 +0000

    dev-java/openjdk-jre-bin: bump to 11.0.11_p9
    
    Bug: https://bugs.gentoo.org/784611
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-jre-bin/Manifest                  |  1 +
 .../openjdk-jre-bin-11.0.11_p9.ebuild              | 97 ++++++++++++++++++++++
 2 files changed, 98 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1dea32724ea7fe8e78877a1e480c4903c600070

commit e1dea32724ea7fe8e78877a1e480c4903c600070
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2021-04-25 14:50:17 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2021-04-25 15:06:47 +0000

    dev-java/openjdk-jre-bin: bump to 8.292_p10
    
    Bug: https://bugs.gentoo.org/784611
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-jre-bin/Manifest                  |  1 +
 .../openjdk-jre-bin-8.292_p10.ebuild               | 80 ++++++++++++++++++++++
 2 files changed, 81 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=823327a6fb666c00777d57cd7e2d69ced9e5fd46

commit 823327a6fb666c00777d57cd7e2d69ced9e5fd46
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2021-04-25 14:49:24 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2021-04-25 15:06:41 +0000

    dev-java/openjdk: bump to 11.0.11_p9
    
    Bug: https://bugs.gentoo.org/784611
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk/Manifest                  |   1 +
 dev-java/openjdk/openjdk-11.0.11_p9.ebuild | 272 +++++++++++++++++++++++++++++
 2 files changed, 273 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2aebb6c522a07a3df9e985ae45d165fa2cc2f777

commit 2aebb6c522a07a3df9e985ae45d165fa2cc2f777
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2021-04-25 14:45:28 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2021-04-25 15:06:36 +0000

    dev-java/openjdk: bump to 8.292_p10
    
    Bug: https://bugs.gentoo.org/784611
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk/Manifest                 |  16 ++
 dev-java/openjdk/openjdk-8.292_p10.ebuild | 253 ++++++++++++++++++++++++++++++
 2 files changed, 269 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55468f86b0a3a28746723d73229acd18b0a8dcd2

commit 55468f86b0a3a28746723d73229acd18b0a8dcd2
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2021-04-25 14:30:39 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2021-04-25 15:06:29 +0000

    dev-java/openjdk-bin: bump to 11.0.11_p9
    
    Bug: https://bugs.gentoo.org/784611
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                      |   5 +
 dev-java/openjdk-bin/openjdk-bin-11.0.11_p9.ebuild | 132 +++++++++++++++++++++
 2 files changed, 137 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a094b1462b32192cbdbe8e3c1a5d5c440898cc7c

commit a094b1462b32192cbdbe8e3c1a5d5c440898cc7c
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2021-04-25 14:29:04 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2021-04-25 15:06:13 +0000

    dev-java/openjdk-bin: bump to 8.292_p10
    
    arm32 will be added later
    
    Bug: https://bugs.gentoo.org/784611
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk-bin/Manifest                     |   4 +
 dev-java/openjdk-bin/openjdk-bin-8.292_p10.ebuild | 119 ++++++++++++++++++++++
 2 files changed, 123 insertions(+)
Comment 2 Georgy Yakovlev gentoo-dev 2021-04-25 15:16:46 UTC
let's give it couple days to settle and I'll add arches to CC for stabilization.
Comment 3 John Helmert III gentoo-dev Security 2021-04-25 23:41:39 UTC
(In reply to Georgy Yakovlev from comment #2)
> let's give it couple days to settle and I'll add arches to CC for
> stabilization.

Thanks!
Comment 4 Georgy Yakovlev gentoo-dev 2021-04-27 18:30:05 UTC
cleanup of :11 done
Comment 5 Georgy Yakovlev gentoo-dev 2021-04-27 18:32:27 UTC
ppc64 done
Comment 6 Georgy Yakovlev gentoo-dev 2021-04-27 20:14:38 UTC
had to revert cleanup of :11 because of https://bugs.gentoo.org/776676
Comment 7 Sam James archtester gentoo-dev Security 2021-04-27 20:44:44 UTC Comment hidden (obsolete)
Comment 8 Georgy Yakovlev gentoo-dev 2021-04-27 21:56:37 UTC
moar spam: cleanup of :11 done again =)
Comment 9 Agostino Sarubbo gentoo-dev 2021-05-09 09:17:44 UTC
x86 stable
Comment 10 Sam James archtester gentoo-dev Security 2021-05-15 18:00:10 UTC
arm64 done

all arches done
Comment 11 John Helmert III gentoo-dev Security 2021-05-16 02:50:14 UTC
Please cleanup, thanks!
Comment 12 Georgy Yakovlev gentoo-dev 2021-05-25 18:56:17 UTC
cleanup done
Comment 13 John Helmert III gentoo-dev Security 2021-05-25 20:10:59 UTC
Thanks!