916211 – (CVE-2023-22025, CVE-2023-22067, CVE-2023-22081) dev-java/openjdk{,-jre-bin,-bin}: multiple vulnerabilities (Oracle CPU Oct 2023)

Bug 916211 (CVE-2023-22025, CVE-2023-22067, CVE-2023-22081) - dev-java/openjdk{,-jre-bin,-bin}: multiple vulnerabilities (Oracle CPU Oct 2023)

Summary: dev-java/openjdk{,-jre-bin,-bin}: multiple vulnerabilities (Oracle CPU Oct 2023)

Status:	CONFIRMED

Alias:	CVE-2023-22025, CVE-2023-22067, CVE-2023-22081

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://openjdk.org/groups/vulnerabil...
Whiteboard:	B2 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2023-10-24 08:40 UTC by Mike Limansky
Modified:	2024-04-12 09:44 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mike Limansky 2023-10-24 08:40:52 UTC

There are several security issues in current Java versions. Please bump to the new ones. This also affect Java 21, which is currently is not in portage yet.

Reproducible: Always

Comment 1 John Helmert III archtester

2023-10-28 21:46:33 UTC

Moving the CVEs to the alias field and dropping the versioning from the summary as we don't version the summary until we have a fixed version in tree.

Thank you for reporting!

Comment 2 Mike Limansky 2024-01-03 15:08:34 UTC

Hi, any news on this one? I used simple bump on my box and have been using java 17.0.9 for 2 months.

Comment 3 Volkmar W. Pogatzki 2024-04-12 09:44:28 UTC

What are the affected versions? Presently in the tree are:
8.402_p06-r1
11.0.22_p7
17.0.10_p7
21.0.2_p13