Bug 546678 - <dev-java/oracle-{jdk,jre}-bin-{1.7.0.80, 1.8.0.45}: Multiple vulnerabilities (CVE-2015-{0458,0459,0460,0469,0470,0477,0478,0480,0484,0486,0488,0491,0492})
Summary: <dev-java/oracle-{jdk,jre}-bin-{1.7.0.80, 1.8.0.45}: Multiple vulnerabilities...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://blogs.oracle.com/security/ent...
Whiteboard: A2 [glsa cve]
Keywords:
Duplicates: 546888
Depends on:
Blocks:
 
Reported: 2015-04-15 20:57 UTC by Mike Limansky
Modified: 2016-03-12 12:40 UTC

See Also:
Package list:
Runtime testing required: ---


Description Mike Limansky 2015-04-15 20:57:46 UTC
Oracle JRE/JDK 7u80 and 8u45 were released with critical security fixes.
The list of vulnerability reports: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA

Reproducible: Always
Comment 1 James Le Cuirot gentoo-dev 2015-04-15 22:26:06 UTC
I've bumped v8. Someone else can waste their bandwidth on v7. :P
Comment 2 Agostino Sarubbo gentoo-dev 2015-04-17 08:10:25 UTC
*** Bug 546888 has been marked as a duplicate of this bug. ***
Comment 3 Patrice Clement gentoo-dev 2015-04-17 14:26:57 UTC
+*oracle-jdk-bin-1.7.0.80 (17 Apr 2015)
+
+  17 Apr 2015; Patrice Clement <monsieurp@gentoo.org>
+  +oracle-jdk-bin-1.7.0.80.ebuild:
+  Version bump. Fix security bug 546678.
+
Comment 4 Patrice Clement gentoo-dev 2015-04-17 14:43:50 UTC
+*oracle-jre-bin-1.7.0.80 (17 Apr 2015)
+
+  17 Apr 2015; Patrice Clement <monsieurp@gentoo.org>
+  +oracle-jre-bin-1.7.0.80.ebuild:
+  Version bump. Fix security bug 546678.
+
Comment 5 Patrice Clement gentoo-dev 2015-04-17 14:56:25 UTC
+*java-sdk-docs-1.7.0.80 (17 Apr 2015)
+
+  17 Apr 2015; Patrice Clement <monsieurp@gentoo.org>
+  +java-sdk-docs-1.7.0.80.ebuild:
+  Version bump. Fix security bug 546678.
+

As far as 1.7.0.80 is concerned, I think we're good.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2015-04-18 23:34:41 UTC
CVE-2015-0492 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492):
  Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX
  2.2.76, allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors, a different vulnerability than
  CVE-2015-0484.

CVE-2015-0491 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491):
  Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40,
  and Java FX 2.2.76, allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to 2D, a different
  vulnerability than CVE-2015-0459.

CVE-2015-0488 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488):
  Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40,
  and JRockit R28.3.5, allows remote attackers to affect availability via
  vectors related to JSSE.

CVE-2015-0486 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486):
  Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to
  affect confidentiality via unknown vectors related to Deployment.

CVE-2015-0484 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484):
  Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX
  2.2.76, allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors, a different vulnerability than
  CVE-2015-0492.

CVE-2015-0480 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480):
  Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40
  allows remote attackers to affect integrity and availability via unknown
  vectors related to Tools.

CVE-2015-0478 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478):
  Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40,
  and JRockit R28.3.5, allows remote attackers to affect confidentiality via
  vectors related to JCE.

CVE-2015-0477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477):
  Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40
  allows remote attackers to affect integrity via unknown vectors related to
  Beans.

CVE-2015-0470 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470):
  Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to
  affect integrity via unknown vectors related to Hotspot.

CVE-2015-0469 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469):
  Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40
  allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors related to 2D.

CVE-2015-0460 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460):
  Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40
  allows remote attackers to affect confidentiality, integrity, and
  availability via unknown vectors related to Hotspot.

CVE-2015-0459 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459):
  Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40,
  and JavaFX 2.2.76, allows remote attackers to affect confidentiality,
  integrity, and availability via unknown vectors related to 2D, a different
  vulnerability than CVE-2015-0491.

CVE-2015-0458 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458):
  Unspecified vulnerability in Oracle Java SE 6u91, 7u76, and 8u40 allows
  remote attackers to affect confidentiality, integrity, and availability via
  unknown vectors related to Deployment.
Comment 7 Yury German Gentoo Infrastructure gentoo-dev 2015-04-18 23:39:27 UTC
Arches, Thank you for your work.

New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 8 James Le Cuirot gentoo-dev 2015-04-19 12:12:00 UTC
Done.
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2015-04-19 13:43:19 UTC
Maintainer(s), thank you for the cleanup.
Comment 10 James Le Cuirot gentoo-dev 2015-07-30 21:14:39 UTC
Ping! If you're going to do a GLSA for this one, you may want to handle it alongside the more recent vulnerability.
Comment 11 Patrice Clement gentoo-dev 2015-08-14 18:29:37 UTC
(In reply to James Le Cuirot from comment #10)
> Ping! If you're going to do a GLSA for this one, you may want to handle it
> alongside the more recent vulnerability.

ping^2
Comment 12 Yury German Gentoo Infrastructure gentoo-dev 2015-08-15 23:41:59 UTC
We will bunch up as many vulnerabilities as possible.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 12:40:53 UTC
This issue was resolved and addressed in
 GLSA 201603-11 at https://security.gentoo.org/glsa/201603-11
by GLSA coordinator Kristian Fiskerstrand (K_F).