[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian distributions of stable OpenJDK updates

On 5/20/19 3:08 PM, Emmanuel Bourg wrote:
> Le 20/05/2019 à 14:38, Aleksey Shipilev a écrit :
>> Yes. Security fixes and Japanese epoch changes are delivered in 11.0.3+7, after security embargo was
>> lifted. The fixes are not in 11.0.3+6, which was tagged before the embargo lifted. You are looking
>> for these:
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/175eb80c253a
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/2996b4523925
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/f0d8b845de21
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/1084d119236b
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c61b8801f0e4
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/59610bddd37a
> Thank you. As I understand the rev 1084d119236b is the fix for
> CVE-2019-2684, and 59610bddd37a is the fix for CVE-2019-2602. But I'm
> not sure about c61b8801f0e4, is there a related CVE?

I don't think there is, but I am not the authoritative source on this. I just listed the differences
between +6 and +7 (which came from the security-related repo after the fork for release).

See more here:


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: