Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 645268 (CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2663) - <dev-java/oracle-jdk-bin-1.8.0.161:1.8, <dev-java/oracle-jre-bin-1.8.0.161:1.8, <dev-java/oracle-jdk-bin-9.0.4:9, <dev-java/oracle-jre-bin-9.0.4:9: Multiple vulnerabilities
Summary: <dev-java/oracle-jdk-bin-1.8.0.161:1.8, <dev-java/oracle-jre-bin-1.8.0.161:1....
Status: RESOLVED FIXED
Alias: CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2663
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.oracle.com/technetwork/sec...
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on: 644972 644976
Blocks:
  Show dependency tree
 
Reported: 2018-01-21 17:04 UTC by James Le Cuirot
Modified: 2018-03-19 00:58 UTC (History)
0 users

See Also:
Package list:
dev-java/oracle-jdk-bin-1.8.0.162 amd64 x86 dev-java/oracle-jre-bin-1.8.0.162 amd64 x86
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description James Le Cuirot gentoo-dev 2018-01-21 17:04:42 UTC
The vulnerabilities are the same for Java 8 and 9. Please be careful with the SLOTs when creating the GLSAs. We are not stabilising Java 9 at this time. I have already done the bumps thanks to a pull request from a user. I also backported the improvements I previously made to the Java 9 ebuilds so watch out for breakages there.
Comment 1 Thomas Deutschmann gentoo-dev Security 2018-01-21 21:08:46 UTC
x86 stable
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-01-22 14:43:08 UTC
CVE-2018-2663 (https://nvd.nist.gov/vuln/detail/CVE-2018-2663):
  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
  Java SE (subcomponent: Libraries). Supported versions that are affected are
  Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:
  R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker
  with network access via multiple protocols to compromise Java SE, Java SE
  Embedded, JRockit. Successful attacks require human interaction from a
  person other than the attacker. Successful attacks of this vulnerability can
  result in unauthorized ability to cause a partial denial of service (partial
  DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies
  to client and server deployment of Java. This vulnerability can be exploited
  through sandboxed Java Web Start applications and sandboxed Java applets. It
  can also be exploited by supplying data to APIs in the specified Component
  without using sandboxed Java Web Start applications or sandboxed Java
  applets, such as through a web service. CVSS 3.0 Base Score 4.3
  (Availability impacts). CVSS Vector:
  (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

CVE-2018-2641 (https://nvd.nist.gov/vuln/detail/CVE-2018-2641):
  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE
  (subcomponent: AWT). Supported versions that are affected are Java SE:
  6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit
  vulnerability allows unauthenticated attacker with network access via
  multiple protocols to compromise Java SE, Java SE Embedded. Successful
  attacks require human interaction from a person other than the attacker and
  while the vulnerability is in Java SE, Java SE Embedded, attacks may
  significantly impact additional products. Successful attacks of this
  vulnerability can result in unauthorized creation, deletion or modification
  access to critical data or all Java SE, Java SE Embedded accessible data.
  Note: This vulnerability applies to Java deployments, typically in clients
  running sandboxed Java Web Start applications or sandboxed Java applets,
  that load and run untrusted code (e.g., code that comes from the internet)
  and rely on the Java sandbox for security. This vulnerability does not apply
  to Java deployments, typically in servers, that load and run only trusted
  code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1
  (Integrity impacts). CVSS Vector:
  (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).

CVE-2018-2639 (https://nvd.nist.gov/vuln/detail/CVE-2018-2639):
  Vulnerability in the Java SE component of Oracle Java SE (subcomponent:
  Deployment). Supported versions that are affected are Java SE: 8u152 and
  9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker
  with network access via multiple protocols to compromise Java SE. Successful
  attacks require human interaction from a person other than the attacker and
  while the vulnerability is in Java SE, attacks may significantly impact
  additional products. Successful attacks of this vulnerability can result in
  takeover of Java SE. Note: This vulnerability applies to Java deployments,
  typically in clients running sandboxed Java Web Start applications or
  sandboxed Java applets, that load and run untrusted code (e.g., code that
  comes from the internet) and rely on the Java sandbox for security. This
  vulnerability does not apply to Java deployments, typically in servers, that
  load and run only trusted code (e.g., code installed by an administrator).
  CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability
  impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVE-2018-2638 (https://nvd.nist.gov/vuln/detail/CVE-2018-2638):
  Vulnerability in the Java SE component of Oracle Java SE (subcomponent:
  Deployment). Supported versions that are affected are Java SE: 8u152 and
  9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker
  with network access via multiple protocols to compromise Java SE. Successful
  attacks require human interaction from a person other than the attacker and
  while the vulnerability is in Java SE, attacks may significantly impact
  additional products. Successful attacks of this vulnerability can result in
  takeover of Java SE. Note: This vulnerability applies to Java deployments,
  typically in clients running sandboxed Java Web Start applications or
  sandboxed Java applets, that load and run untrusted code (e.g., code that
  comes from the internet) and rely on the Java sandbox for security. This
  vulnerability does not apply to Java deployments, typically in servers, that
  load and run only trusted code (e.g., code installed by an administrator).
  CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability
  impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVE-2018-2637 (https://nvd.nist.gov/vuln/detail/CVE-2018-2637):
  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
  Java SE (subcomponent: JMX). Supported versions that are affected are Java
  SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:
  R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker
  with network access via multiple protocols to compromise Java SE, Java SE
  Embedded, JRockit. Successful attacks of this vulnerability can result in
  unauthorized creation, deletion or modification access to critical data or
  all Java SE, Java SE Embedded, JRockit accessible data as well as
  unauthorized access to critical data or complete access to all Java SE, Java
  SE Embedded, JRockit accessible data. Note: This vulnerability can only be
  exploited by supplying data to APIs in the specified Component without using
  Untrusted Java Web Start applications or Untrusted Java applets, such as
  through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and
  Integrity impacts). CVSS Vector:
  (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-01-22 14:43:37 UTC
CVE-2018-2634 (https://nvd.nist.gov/vuln/detail/CVE-2018-2634):
  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE
  (subcomponent: JGSS). Supported versions that are affected are Java SE:
  7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit
  vulnerability allows unauthenticated attacker with network access via
  multiple protocols to compromise Java SE, Java SE Embedded. While the
  vulnerability is in Java SE, Java SE Embedded, attacks may significantly
  impact additional products. Successful attacks of this vulnerability can
  result in unauthorized access to critical data or complete access to all
  Java SE, Java SE Embedded accessible data. Note: This vulnerability applies
  to Java deployments, typically in clients running sandboxed Java Web Start
  applications or sandboxed Java applets, that load and run untrusted code
  (e.g., code that comes from the internet) and rely on the Java sandbox for
  security. This vulnerability does not apply to Java deployments, typically
  in servers, that load and run only trusted code (e.g., code installed by an
  administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS
  Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

CVE-2018-2633 (https://nvd.nist.gov/vuln/detail/CVE-2018-2633):
  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
  Java SE (subcomponent: JNDI). Supported versions that are affected are Java
  SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:
  R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker
  with network access via multiple protocols to compromise Java SE, Java SE
  Embedded, JRockit. Successful attacks require human interaction from a
  person other than the attacker and while the vulnerability is in Java SE,
  Java SE Embedded, JRockit, attacks may significantly impact additional
  products. Successful attacks of this vulnerability can result in takeover of
  Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to
  client and server deployment of Java. This vulnerability can be exploited
  through sandboxed Java Web Start applications and sandboxed Java applets. It
  can also be exploited by supplying data to APIs in the specified Component
  without using sandboxed Java Web Start applications or sandboxed Java
  applets, such as through a web service. CVSS 3.0 Base Score 8.3
  (Confidentiality, Integrity and Availability impacts). CVSS Vector:
  (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVE-2018-2629 (https://nvd.nist.gov/vuln/detail/CVE-2018-2629):
  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
  Java SE (subcomponent: JGSS). Supported versions that are affected are Java
  SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:
  R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker
  with network access via multiple protocols to compromise Java SE, Java SE
  Embedded, JRockit. Successful attacks require human interaction from a
  person other than the attacker. Successful attacks of this vulnerability can
  result in unauthorized creation, deletion or modification access to critical
  data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This
  vulnerability applies to client and server deployment of Java. This
  vulnerability can be exploited through sandboxed Java Web Start applications
  and sandboxed Java applets. It can also be exploited by supplying data to
  APIs in the specified Component without using sandboxed Java Web Start
  applications or sandboxed Java applets, such as through a web service. CVSS
  3.0 Base Score 5.3 (Integrity impacts). CVSS Vector:
  (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).

CVE-2018-2627 (https://nvd.nist.gov/vuln/detail/CVE-2018-2627):
  Vulnerability in the Java SE component of Oracle Java SE (subcomponent:
  Installer). Supported versions that are affected are Java SE: 8u152 and
  9.0.1. Difficult to exploit vulnerability allows low privileged attacker
  with logon to the infrastructure where Java SE executes to compromise Java
  SE. Successful attacks require human interaction from a person other than
  the attacker and while the vulnerability is in Java SE, attacks may
  significantly impact additional products. Successful attacks of this
  vulnerability can result in takeover of Java SE. Note: This vulnerability
  applies to the Windows installer only. CVSS 3.0 Base Score 7.5
  (Confidentiality, Integrity and Availability impacts). CVSS Vector:
  (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).

CVE-2018-2618 (https://nvd.nist.gov/vuln/detail/CVE-2018-2618):
  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
  Java SE (subcomponent: JCE). Supported versions that are affected are Java
  SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:
  R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker
  with network access via multiple protocols to compromise Java SE, Java SE
  Embedded, JRockit. Successful attacks of this vulnerability can result in
  unauthorized access to critical data or complete access to all Java SE, Java
  SE Embedded, JRockit accessible data. Note: This vulnerability applies to
  client and server deployment of Java. This vulnerability can be exploited
  through sandboxed Java Web Start applications and sandboxed Java applets. It
  can also be exploited by supplying data to APIs in the specified Component
  without using sandboxed Java Web Start applications or sandboxed Java
  applets, such as through a web service. CVSS 3.0 Base Score 5.9
  (Confidentiality impacts). CVSS Vector:
  (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Comment 4 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-01-22 14:43:52 UTC
CVE-2018-2603 (https://nvd.nist.gov/vuln/detail/CVE-2018-2603):
  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
  Java SE (subcomponent: Libraries). Supported versions that are affected are
  Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:
  R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker
  with network access via multiple protocols to compromise Java SE, Java SE
  Embedded, JRockit. Successful attacks of this vulnerability can result in
  unauthorized ability to cause a partial denial of service (partial DOS) of
  Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to
  client and server deployment of Java. This vulnerability can be exploited
  through sandboxed Java Web Start applications and sandboxed Java applets. It
  can also be exploited by supplying data to APIs in the specified Component
  without using sandboxed Java Web Start applications or sandboxed Java
  applets, such as through a web service. CVSS 3.0 Base Score 5.3
  (Availability impacts). CVSS Vector:
  (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2018-2602 (https://nvd.nist.gov/vuln/detail/CVE-2018-2602):
  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE
  (subcomponent: I18n). Supported versions that are affected are Java SE:
  6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit
  vulnerability allows unauthenticated attacker with logon to the
  infrastructure where Java SE, Java SE Embedded executes to compromise Java
  SE, Java SE Embedded. Successful attacks require human interaction from a
  person other than the attacker. Successful attacks of this vulnerability can
  result in unauthorized update, insert or delete access to some of Java SE,
  Java SE Embedded accessible data as well as unauthorized read access to a
  subset of Java SE, Java SE Embedded accessible data and unauthorized ability
  to cause a partial denial of service (partial DOS) of Java SE, Java SE
  Embedded. Note: This vulnerability applies to Java deployments, typically in
  clients running sandboxed Java Web Start applications or sandboxed Java
  applets, that load and run untrusted code (e.g., code that comes from the
  internet) and rely on the Java sandbox for security. This vulnerability does
  not apply to Java deployments, typically in servers, that load and run only
  trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score
  4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector:
  (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).

CVE-2018-2599 (https://nvd.nist.gov/vuln/detail/CVE-2018-2599):
  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
  Java SE (subcomponent: JNDI). Supported versions that are affected are Java
  SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:
  R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker
  with network access via multiple protocols to compromise Java SE, Java SE
  Embedded, JRockit. Successful attacks of this vulnerability can result in
  unauthorized update, insert or delete access to some of Java SE, Java SE
  Embedded, JRockit accessible data and unauthorized ability to cause a
  partial denial of service (partial DOS) of Java SE, Java SE Embedded,
  JRockit. Note: This vulnerability applies to client and server deployment of
  Java. This vulnerability can be exploited through sandboxed Java Web Start
  applications and sandboxed Java applets. It can also be exploited by
  supplying data to APIs in the specified Component without using sandboxed
  Java Web Start applications or sandboxed Java applets, such as through a web
  service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS
  Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).

CVE-2018-2588 (https://nvd.nist.gov/vuln/detail/CVE-2018-2588):
  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
  Java SE (subcomponent: LDAP). Supported versions that are affected are Java
  SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:
  R28.3.16. Easily exploitable vulnerability allows low privileged attacker
  with network access via multiple protocols to compromise Java SE, Java SE
  Embedded, JRockit. Successful attacks of this vulnerability can result in
  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit
  accessible data. Note: This vulnerability applies to client and server
  deployment of Java. This vulnerability can be exploited through sandboxed
  Java Web Start applications and sandboxed Java applets. It can also be
  exploited by supplying data to APIs in the specified Component without using
  sandboxed Java Web Start applications or sandboxed Java applets, such as
  through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts).
  CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CVE-2018-2582 (https://nvd.nist.gov/vuln/detail/CVE-2018-2582):
  Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE
  (subcomponent: Hotspot). Supported versions that are affected are Java SE:
  8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability
  allows unauthenticated attacker with network access via multiple protocols
  to compromise Java SE, Java SE Embedded. Successful attacks require human
  interaction from a person other than the attacker. Successful attacks of
  this vulnerability can result in unauthorized creation, deletion or
  modification access to critical data or all Java SE, Java SE Embedded
  accessible data. Note: This vulnerability applies to client and server
  deployment of Java. This vulnerability can be exploited through sandboxed
  Java Web Start applications and sandboxed Java applets. It can also be
  exploited by supplying data to APIs in the specified Component without using
  sandboxed Java Web Start applications or sandboxed Java applets, such as
  through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS
  Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).

CVE-2018-2581 (https://nvd.nist.gov/vuln/detail/CVE-2018-2581):
  Vulnerability in the Java SE component of Oracle Java SE (subcomponent:
  JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and
  9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with
  network access via multiple protocols to compromise Java SE. Successful
  attacks require human interaction from a person other than the attacker and
  while the vulnerability is in Java SE, attacks may significantly impact
  additional products. Successful attacks of this vulnerability can result in
  unauthorized read access to a subset of Java SE accessible data. Note: This
  vulnerability applies to Java deployments, typically in clients running
  sandboxed Java Web Start applications or sandboxed Java applets, that load
  and run untrusted code (e.g., code that comes from the internet) and rely on
  the Java sandbox for security. This vulnerability does not apply to Java
  deployments, typically in servers, that load and run only trusted code
  (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7
  (Confidentiality impacts). CVSS Vector:
  (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).

CVE-2018-2579 (https://nvd.nist.gov/vuln/detail/CVE-2018-2579):
  Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
  Java SE (subcomponent: Libraries). Supported versions that are affected are
  Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit:
  R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker
  with network access via multiple protocols to compromise Java SE, Java SE
  Embedded, JRockit. Successful attacks of this vulnerability can result in
  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit
  accessible data. Note: This vulnerability applies to client and server
  deployment of Java. This vulnerability can be exploited through sandboxed
  Java Web Start applications and sandboxed Java applets. It can also be
  exploited by supplying data to APIs in the specified Component without using
  sandboxed Java Web Start applications or sandboxed Java applets, such as
  through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts).
  CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Comment 5 Agostino Sarubbo gentoo-dev 2018-01-23 16:42:36 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 6 Larry the Git Cow gentoo-dev 2018-01-23 21:28:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62252004ab7757d4d677f021fcd3cf84f79cf304

commit 62252004ab7757d4d677f021fcd3cf84f79cf304
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2018-01-23 21:27:59 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2018-01-23 21:27:59 +0000

    dev-java/oracle-jre-bin: Remove vulnerable 1.8.0.152-r1
    
    Bug: https://bugs.gentoo.org/645268
    Package-Manager: Portage-2.3.20, Repoman-2.3.6

 dev-java/oracle-jre-bin/Manifest                   |   2 -
 .../oracle-jre-bin-1.8.0.152-r1.ebuild             | 226 ---------------------
 2 files changed, 228 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ffc35c17c62b590df0408ffe82a352957bf82c87

commit ffc35c17c62b590df0408ffe82a352957bf82c87
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2018-01-23 21:26:53 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2018-01-23 21:26:53 +0000

    dev-java/oracle-jdk-bin: Remove vulnerable 1.8.0.152-r1
    
    Bug: https://bugs.gentoo.org/645268
    Package-Manager: Portage-2.3.20, Repoman-2.3.6

 dev-java/oracle-jdk-bin/Manifest                   |  14 -
 .../oracle-jdk-bin-1.8.0.152-r1.ebuild             | 334 ---------------------
 2 files changed, 348 deletions(-)}
Comment 7 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-15 22:00:20 UTC
GLSA Request filed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2018-03-19 00:58:25 UTC
This issue was resolved and addressed in
 GLSA 201803-06 at https://security.gentoo.org/glsa/201803-06
by GLSA coordinator Christopher Diaz Riveros (chrisadr).