$URL is still pre release announcement but final versions (8u121) are out: This Critical Patch Update contains 17 new security fixes for Oracle Java SE. 16 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 9.6 http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html
Thomas, in the past happens that with the {jdk,jre} form, people file to search and thy file duplicates. Let's specify the entire package names just for oracle jkd/jre cases.
Advisory is now published.
Versions bumped. 1.8.0.111 has already been dropped. There is a single release including arm/arm64 this time. amd64 and x86 teams, please stabilize.
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Old removed. Security team, please continue.
New GLSA request filed.
This issue was resolved and addressed in GLSA 201701-65 at https://security.gentoo.org/glsa/201701-65 by GLSA coordinator Thomas Deutschmann (whissi).