Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 803605 - <dev-java/openjdk{,-jre-bin,-bin}-{8.312_p07, 11.0.13_p8}: multiple vulnerabilities (CVE-2021-{2341,2369,2388,2432})
Summary: <dev-java/openjdk{,-jre-bin,-bin}-{8.312_p07, 11.0.13_p8}: multiple vulnerabi...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://www.oracle.com/security-alert...
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 827554
Blocks: CVE-2021-2341, CVE-2021-2369, CVE-2021-2388, CVE-2021-2432 CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603
  Show dependency tree
 
Reported: 2021-07-24 01:33 UTC by John Helmert III
Modified: 2022-09-07 03:19 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-24 01:33:18 UTC
See tracker for details. Seems like all OpenJDK packages in tree are good for these vulnerabilities?
Comment 1 Georgy Yakovlev archtester gentoo-dev 2021-07-27 01:15:51 UTC
openjdk-11 stable and is affected. will be bumping to 11.0.12 today.
openjdk-8.282 we do not have at all, but it also gets a bump to 8.302 today.
Comment 2 Larry the Git Cow gentoo-dev 2021-07-27 01:26:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac28226c18975c211b7c5138980d9fc68dce9ebc

commit ac28226c18975c211b7c5138980d9fc68dce9ebc
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2021-07-27 01:13:36 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2021-07-27 01:23:54 +0000

    dev-java/openjdk: add 11.0.12_p7
    
    Bug: https://bugs.gentoo.org/803605
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk/Manifest                  |   1 +
 dev-java/openjdk/openjdk-11.0.12_p7.ebuild | 275 +++++++++++++++++++++++++++++
 2 files changed, 276 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be4e238f48ff45815c2a5a37b09edec7c0030118

commit be4e238f48ff45815c2a5a37b09edec7c0030118
Author:     Georgy Yakovlev <gyakovlev@gentoo.org>
AuthorDate: 2021-07-27 01:05:14 +0000
Commit:     Georgy Yakovlev <gyakovlev@gentoo.org>
CommitDate: 2021-07-27 01:23:52 +0000

    dev-java/openjdk: add 8.302_p08
    
    Bug: https://bugs.gentoo.org/803605
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

 dev-java/openjdk/Manifest                 |  16 ++
 dev-java/openjdk/files/openjdk-8.env.sh   |   2 +-
 dev-java/openjdk/openjdk-8.302_p08.ebuild | 253 ++++++++++++++++++++++++++++++
 3 files changed, 270 insertions(+), 1 deletion(-)
Comment 3 Georgy Yakovlev archtester gentoo-dev 2021-07-27 01:27:47 UTC
also adoptopenjdk moves to eclipse and re-branding as temurin/adoptium, we do not have -bin packages yet as they haven't published them yet.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-27 02:55:22 UTC
Thanks!
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:20:31 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 17:28:34 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 17:36:33 UTC Comment hidden (obsolete)
Comment 8 NATTkA bot gentoo-dev 2021-07-29 17:44:36 UTC Comment hidden (obsolete)
Comment 9 NATTkA bot gentoo-dev 2021-07-29 17:52:40 UTC Comment hidden (obsolete)
Comment 10 NATTkA bot gentoo-dev 2021-07-29 17:56:35 UTC Comment hidden (obsolete)
Comment 11 NATTkA bot gentoo-dev 2021-07-29 18:00:35 UTC Comment hidden (obsolete)
Comment 12 NATTkA bot gentoo-dev 2021-07-29 18:08:52 UTC
Package list is empty or all packages have requested keywords.
Comment 13 Georgy Yakovlev archtester gentoo-dev 2021-12-01 11:47:12 UTC
cleanup done
Comment 14 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-01 23:22:56 UTC
Thanks!
Comment 15 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-06 22:31:37 UTC
GLSA request filed
Comment 16 Larry the Git Cow gentoo-dev 2022-09-07 03:01:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e1a6765fc7cb3c5afe0b95463f49a9924ef37cab

commit e1a6765fc7cb3c5afe0b95463f49a9924ef37cab
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-09-07 02:52:52 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-07 02:58:08 +0000

    [ GLSA 202209-05 ] OpenJDK: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/784611
    Bug: https://bugs.gentoo.org/803605
    Bug: https://bugs.gentoo.org/831446
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202209-05.xml | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 153 insertions(+)
Comment 17 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-07 03:19:57 UTC
GLSA released, all done!