+++ This bug was initially created as a clone of Bug #546678 +++ Oracle JRE/JDK 8u51 was released with fixes of critical security fixes. The list of vulnerability reports: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA Reproducible: Always
Looks like a duplicate of bug 554886.
Thanks for the duplicate. Next time, don't search based on the version that fixes the vulnerability. You're supposed to put the version *with* the vulnerability in the title. *** This bug has been marked as a duplicate of bug 554886 ***
Jep! You are right! Sorry, have not found that when searching!
(In reply to James Le Cuirot from comment #2) > Thanks for the duplicate. Next time, don't search based on the version that > fixes the vulnerability. You're supposed to put the version *with* the > vulnerability in the title. > > *** This bug has been marked as a duplicate of bug 554886 *** It's a bit weird. I mean it's a common practice for security team to submit bugs with a *range* of broken versions like >x and <=y or, just <y if all previous versions are affected and the fix is already available. Like here: https://bugs.gentoo.org/buglist.cgi?component=Vulnerabilities&list_id=2857648&query_format=advanced&resolution=---
(In reply to Mike Limansky from comment #4) > It's a bit weird. I mean it's a common practice for security team to submit > bugs with a *range* of broken versions like >x and <=y or, just <y if all > previous versions are affected and the fix is already available. Fair enough. I realised after posting that what I said was probably inaccurate and I missed the < on the title of this one. Apologies for my dupe rage.