| Summary: | <dev-java/openjdk{,-bin,jre-bin}-{8.442_p06,11.0.26_p4,17.0.14_p7,21.0.6_p7}: possibly unauthorized update, insert or delete access | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Volkmar W. Pogatzki <gentoo> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | gentoo, java |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://openjdk.org/groups/vulnerability/advisories/2025-01-21 | ||
| See Also: |
https://github.com/gentoo/gentoo/pull/40253 https://github.com/gentoo/gentoo/pull/40304 https://github.com/gentoo/gentoo/pull/40358 https://github.com/gentoo/gentoo/pull/40738 |
||
| Whiteboard: | B3 [glsa?] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Volkmar W. Pogatzki
2025-01-24 17:26:19 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2cedd6d383aa0c5e4dafe92870d4650fae24119 commit c2cedd6d383aa0c5e4dafe92870d4650fae24119 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-25 19:11:19 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2025-01-26 06:07:53 +0000 dev-java/openjdk-jre-bin: add 8.442_p06 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Closes: https://github.com/gentoo/gentoo/pull/40304 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/openjdk-jre-bin/Manifest | 1 + .../openjdk-jre-bin-8.442_p06.ebuild | 82 ++++++++++++++++++++++ 2 files changed, 83 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6442126ae24b7d097bd7b435782394e9d1870b52 commit 6442126ae24b7d097bd7b435782394e9d1870b52 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-25 19:10:19 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2025-01-26 06:07:53 +0000 dev-java/openjdk-jre-bin: add 11.0.26_p4 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/openjdk-jre-bin/Manifest | 1 + .../openjdk-jre-bin-11.0.26_p4.ebuild | 83 ++++++++++++++++++++++ 2 files changed, 84 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e348dd7284451cbad8ce1ffa34451fa503c3c354 commit e348dd7284451cbad8ce1ffa34451fa503c3c354 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-25 19:09:04 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2025-01-26 06:07:52 +0000 dev-java/openjdk-jre-bin: add 17.0.14_p7 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/openjdk-jre-bin/Manifest | 1 + .../openjdk-jre-bin-17.0.14_p7.ebuild | 83 ++++++++++++++++++++++ 2 files changed, 84 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9dcbd9327bc422500b7e92f10b9b949703784f4b commit 9dcbd9327bc422500b7e92f10b9b949703784f4b Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-25 19:07:42 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2025-01-26 06:07:51 +0000 dev-java/openjdk-jre-bin: add 21.0.6_p7 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/openjdk-jre-bin/Manifest | 1 + .../openjdk-jre-bin-21.0.6_p7.ebuild | 83 ++++++++++++++++++++++ 2 files changed, 84 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09ea07daf3e6e80d9e15c79885f576b565e94b9f commit 09ea07daf3e6e80d9e15c79885f576b565e94b9f Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-22 03:34:45 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2025-01-26 08:20:38 +0000 dev-java/openjdk: add 8.442_p06 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Closes: https://github.com/gentoo/gentoo/pull/40253 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/openjdk/Manifest | 1 + dev-java/openjdk/openjdk-8.442_p06.ebuild | 283 ++++++++++++++++++++++++++++++ 2 files changed, 284 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff1f7ee5f98b7c8a0aabbfd80ea07e8705eef2fa commit ff1f7ee5f98b7c8a0aabbfd80ea07e8705eef2fa Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-22 03:29:58 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2025-01-26 08:20:38 +0000 dev-java/openjdk: add 11.0.26_p4 - CVE-2025-21502 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/openjdk/Manifest | 1 + dev-java/openjdk/openjdk-11.0.26_p4.ebuild | 316 +++++++++++++++++++++++++++++ 2 files changed, 317 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a3906ebf737a0b5dcd7eed9372aad80f6df0de2 commit 4a3906ebf737a0b5dcd7eed9372aad80f6df0de2 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-21 22:19:09 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2025-01-26 08:20:37 +0000 dev-java/openjdk: add 17.0.14_p7 - CVE-2025-21502 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/openjdk/Manifest | 1 + dev-java/openjdk/openjdk-17.0.14_p7.ebuild | 325 +++++++++++++++++++++++++++++ 2 files changed, 326 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=95d9226673a6865f1bb55c7bc36d1744fc43f957 commit 95d9226673a6865f1bb55c7bc36d1744fc43f957 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-21 22:16:07 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2025-01-26 08:20:37 +0000 dev-java/openjdk: add 21.0.6_p7 - CVE-2025-21502 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> dev-java/openjdk/Manifest | 1 + dev-java/openjdk/openjdk-21.0.6_p7.ebuild | 330 ++++++++++++++++++++++++++++++ 2 files changed, 331 insertions(+) openjdk-bin updates tbd once downloads are complete The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=657c435bd940e7477a4d5658ebd99ff0c7a9a64e commit 657c435bd940e7477a4d5658ebd99ff0c7a9a64e Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-30 20:57:06 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2025-02-01 14:13:47 +0000 dev-java/openjdk-bin: add 8.442_p06 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Closes: https://github.com/gentoo/gentoo/pull/40358 Signed-off-by: Florian Schmaus <flow@gentoo.org> dev-java/openjdk-bin/Manifest | 6 + dev-java/openjdk-bin/openjdk-bin-8.442_p06.ebuild | 130 ++++++++++++++++++++++ 2 files changed, 136 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23374e7a7387a5edef425d85418ccd16f6ae08ac commit 23374e7a7387a5edef425d85418ccd16f6ae08ac Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-28 19:31:25 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2025-02-01 14:13:47 +0000 dev-java/openjdk-bin: add 11.0.26_p4 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Florian Schmaus <flow@gentoo.org> dev-java/openjdk-bin/Manifest | 6 + dev-java/openjdk-bin/openjdk-bin-11.0.26_p4.ebuild | 134 +++++++++++++++++++++ 2 files changed, 140 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4425a7e4b9b50285036d186eecf963c6670b7a0 commit d4425a7e4b9b50285036d186eecf963c6670b7a0 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-28 08:03:10 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2025-02-01 14:13:47 +0000 dev-java/openjdk-bin: add 21.0.6_p7 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Florian Schmaus <flow@gentoo.org> dev-java/openjdk-bin/Manifest | 6 + dev-java/openjdk-bin/openjdk-bin-21.0.6_p7.ebuild | 135 ++++++++++++++++++++++ 2 files changed, 141 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a79f9099f575f3b54a0051807a7e27c455f365b commit 6a79f9099f575f3b54a0051807a7e27c455f365b Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-01-27 15:25:23 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2025-02-01 14:13:46 +0000 dev-java/openjdk-bin: add 17.0.14_p7 Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Florian Schmaus <flow@gentoo.org> dev-java/openjdk-bin/Manifest | 7 ++ dev-java/openjdk-bin/openjdk-bin-17.0.14_p7.ebuild | 135 +++++++++++++++++++++ 2 files changed, 142 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2eca608d7b3d43612a4d51854f6824e04594bf34 commit 2eca608d7b3d43612a4d51854f6824e04594bf34 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-02-24 20:19:21 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2025-02-25 16:36:00 +0000 dev-java/openjdk-bin: drop versions Bug: https://bugs.gentoo.org/948666 Closes: https://bugs.gentoo.org/947770 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Florian Schmaus <flow@gentoo.org> dev-java/openjdk-bin/Manifest | 25 ---- dev-java/openjdk-bin/openjdk-bin-11.0.25_p9.ebuild | 134 -------------------- .../openjdk-bin/openjdk-bin-17.0.13_p11.ebuild | 135 --------------------- dev-java/openjdk-bin/openjdk-bin-21.0.5_p11.ebuild | 135 --------------------- dev-java/openjdk-bin/openjdk-bin-8.432_p06.ebuild | 130 -------------------- 5 files changed, 559 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c30ee407d9fded4937404340fdd45cc8218a1667 commit c30ee407d9fded4937404340fdd45cc8218a1667 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-02-24 20:17:25 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2025-02-25 16:36:00 +0000 dev-java/openjdk: drop versions Bug: https://bugs.gentoo.org/948666 Bug: https://bugs.gentoo.org/947770 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Florian Schmaus <flow@gentoo.org> dev-java/openjdk/Manifest | 4 - dev-java/openjdk/openjdk-11.0.25_p9.ebuild | 316 ------------------------ dev-java/openjdk/openjdk-17.0.13_p11.ebuild | 325 ------------------------- dev-java/openjdk/openjdk-21.0.5_p11-r1.ebuild | 330 -------------------------- dev-java/openjdk/openjdk-8.432_p06.ebuild | 283 ---------------------- 5 files changed, 1258 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be6cc0b3d0d7e165905f4a712839aed6db7d4d87 commit be6cc0b3d0d7e165905f4a712839aed6db7d4d87 Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2025-02-24 15:37:28 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2025-02-25 16:35:59 +0000 dev-java/openjdk-jre-bin: drop versions Bug: https://bugs.gentoo.org/948666 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Signed-off-by: Florian Schmaus <flow@gentoo.org> dev-java/openjdk-jre-bin/Manifest | 4 -- .../openjdk-jre-bin-11.0.25_p9.ebuild | 83 ---------------------- .../openjdk-jre-bin-17.0.13_p11.ebuild | 83 ---------------------- .../openjdk-jre-bin-21.0.5_p11.ebuild | 83 ---------------------- .../openjdk-jre-bin-8.432_p06.ebuild | 82 --------------------- 5 files changed, 335 deletions(-) |
