There are several security issues in current Java versions. Please bump to the new ones. This also affects Java 21, which is currently not in portage yet.
Reproducible: Always
Moving the CVEs to the alias field and dropping the versioning from the summary as we don't version the summary until we have a fixed version in tree. Thank you for reporting!
Hi, any news on this one? I used a simple bump on my box and have been using java 17.0.9 for 2 months.
What are the affected versions? Presently in the tree are: 8.402_p06-r1 11.0.22_p7 17.0.10_p7 21.0.2_p13
The upstream report is not clear about the versions. I've used the current stable versions similar to bug 925020. Older versions are probably also fixed, but let's go with this and publish both GLSAs together.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d57754cd3fe53161d876a8043ec720ed7f0f1d3d

commit d57754cd3fe53161d876a8043ec720ed7f0f1d3d
Author:     Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2024-05-15 21:13:52 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2024-05-17 09:28:04 +0000

    dev-java/openjdk: drop 11.0.22_p7

    Bug: https://bugs.gentoo.org/925020
    Bug: https://bugs.gentoo.org/916211
    Bug: https://bugs.gentoo.org/898978
    Bug: https://bugs.gentoo.org/833096
    Bug: https://bugs.gentoo.org/907680
    Bug: https://bugs.gentoo.org/677876
    Bug: https://bugs.gentoo.org/927028
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Closes: https://github.com/gentoo/gentoo/pull/36690
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 dev-java/openjdk/Manifest                  |   1 -
 dev-java/openjdk/openjdk-11.0.22_p7.ebuild | 312 -----------------------------
 2 files changed, 313 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91131f43943639479e42e0fd5a1ea4fbbaf4f708

commit 91131f43943639479e42e0fd5a1ea4fbbaf4f708
Author:     Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2024-05-15 21:07:47 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2024-05-17 09:28:04 +0000

    dev-java/openjdk-bin: drop 11.0.22_p7

    Bug: https://bugs.gentoo.org/925020
    Bug: https://bugs.gentoo.org/916211
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 dev-java/openjdk-bin/Manifest                      |   6 -
 dev-java/openjdk-bin/openjdk-bin-11.0.22_p7.ebuild | 135 ---------------------
 2 files changed, 141 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83181db3d06bdb420ca8cc4bcc7135dbd6286866

commit 83181db3d06bdb420ca8cc4bcc7135dbd6286866
Author:     Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2024-05-15 21:04:35 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2024-05-17 09:28:04 +0000

    dev-java/openjdk-jre-bin: drop 11.0.20.1_p1, 17.0.8.1_p1

    Bug: https://bugs.gentoo.org/925020
    Bug: https://bugs.gentoo.org/916211
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 dev-java/openjdk-jre-bin/Manifest                |  2 -
 .../openjdk-jre-bin-11.0.20.1_p1.ebuild          | 83 ----------------------
 .../openjdk-jre-bin-17.0.8.1_p1.ebuild           | 83 ----------------------
 3 files changed, 168 deletions(-)
seems no longer to depend on bug #918647