http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA
Bumped. Only 8u65 is available for ARM so I've had to add two versions. We haven't been stabilizing ARM though. amd64 and x86 teams, please stabilize: dev-java/oracle-jdk-bin-1.8.0.66.ebuild dev-java/oracle-jre-bin-1.8.0.66.ebuild
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Clean up done. Security, please continue.
CVE-2015-7840 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840): The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature. CVE-2015-4916 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916): Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908. CVE-2015-4911 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893. CVE-2015-4908 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908): Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916. CVE-2015-4906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906): Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916. CVE-2015-4903 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI. CVE-2015-4902 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. CVE-2015-4901 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901): Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. CVE-2015-4893 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. CVE-2015-4883 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860. CVE-2015-4882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA. CVE-2015-4881 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835. CVE-2015-4872 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. CVE-2015-4871 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871): Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. CVE-2015-4868 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868): Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2015-4860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883. CVE-2015-4844 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. CVE-2015-4843 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. CVE-2015-4842 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP. CVE-2015-4840 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840): Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D. CVE-2015-4835 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881. CVE-2015-4810 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810): Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVE-2015-4806 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. CVE-2015-4805 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. CVE-2015-4803 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. CVE-2015-4734 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734): Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201603-11 at https://security.gentoo.org/glsa/201603-11 by GLSA coordinator Kristian Fiskerstrand (K_F).