Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 831446 (CVE-2022-21248, CVE-2022-21271, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21349, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366)

Summary: <dev-java/openjdk{,-jre-bin,-bin}-{8.322_p06,11.0.14_p9,17.0.2_p8}: multiple vulnerabilities (Oracle CPU Jan 2022)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: gyakovlev, java
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://openjdk.java.net/groups/vulnerability/advisories/2022-01-18
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 832523    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-19 03:49:55 UTC
Affected versions are 17.0.1, 15.0.5, 13.0.9, 11.0.13, 8u312, 7u321 according to URL, so please bump.
Comment 1 Georgy Yakovlev archtester gentoo-dev 2022-01-19 04:18:27 UTC
no new tags as of today yet.
will bump as soon as releases get -ga tags.
Comment 2 Georgy Yakovlev archtester gentoo-dev 2022-01-20 07:25:05 UTC
pushed source versions. no bins yet.
will call for stabilization after bins land and source ebuilds tested. a lot of changes went in this time
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-21 20:08:23 UTC
openjdk{-jre-bin,} fixed in tree in:

8.322_p06 11.0.14_p9

openjdk-bin fixed in tree in:

8.322_p06 11.0.14_p9 17.0.2_p8

So, please cleanup
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-06 22:31:48 UTC
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-09-07 03:01:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e1a6765fc7cb3c5afe0b95463f49a9924ef37cab

commit e1a6765fc7cb3c5afe0b95463f49a9924ef37cab
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-09-07 02:52:52 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-07 02:58:08 +0000

    [ GLSA 202209-05 ] OpenJDK: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/784611
    Bug: https://bugs.gentoo.org/803605
    Bug: https://bugs.gentoo.org/831446
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202209-05.xml | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 153 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-07 03:19:17 UTC
GLSA released, all done!