[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenJDK security updates
From: |
Ricardo Wurmus |
Subject: |
Re: OpenJDK security updates |
Date: |
Sun, 7 Feb 2016 12:25:47 +0100 |
User-agent: |
mu4e 0.9.13; emacs 24.5.1 |
Mark H Weaver <address@hidden> writes:
> Can someone familiar with our Java packages please investigate and apply
> any needed security updates?
>
> https://www.debian.org/security/2016/dsa-3465
There hasn’t been any new IcedTea release beyond what we offer in Guix.
According to the release announcements for the two latest IcedTea
releases 1.13.10 and 2.6.4 the vulnerabilities have already been
addressed (and more than those listed in the Debian security advisory).
Here’s the list of the security vulnerabilities listed in the advisory
followed by the version of IcedTea in which they are fixed:
CVE-2015-7575 (2.6.4)
CVE-2016-0402 (1.13.10 and 2.6.4)
CVE-2016-0448 (1.13.10 and 2.6.4)
CVE-2016-0466 (1.13.10 and 2.6.4)
CVE-2016-0483 (1.13.10 and 2.6.4)
CVE-2016-0494 (1.13.10 and 2.6.4)
Only CVE-2015-7575 is not mentioned in the release announcement for
1.13.10. I don’t know if this affects 1.13.10.
~~ Ricardo