Re: openjdk-7 status

To: Sylvain <beuc@beuc.net>
Cc: debian-lts@lists.debian.org, Debian Security Team <team@security.debian.org>
Subject: Re: openjdk-7 status
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Mon, 13 May 2019 15:51:42 -0500
Message-id: <[🔎] d7725131-f836-68c6-97ac-dbdc67c5b19b@debian.org>
In-reply-to: <[🔎] 224dc1f5-dfc9-4dc7-60f9-0d6c7f763a28@debian.org>
References: <[🔎] ad29732d-93ea-525e-71ac-5b7c0f60ac58@beuc.net> <[🔎] CABY6=0nuJCxui85v-8tRfT_WZ8nZG6iabMyp7GVCf_V8LqKb_Q@mail.gmail.com> <[🔎] 3159d170-595d-4f17-b401-19af8928c778@beuc.net> <[🔎] 224dc1f5-dfc9-4dc7-60f9-0d6c7f763a28@debian.org>

On 13/05/2019 12:09, Emilio Pozuelo Monfort wrote:
> It was not clear to me at the time of upload if it was addressed in 7u221. It
> was not mentioned in the upstream announcement. I asked upstream for
> clarification on its status, it may be that that CVE is Oracle specific and
> doesn't affect OpenJDK. Though I haven't received a reply yet. But let's wait
> for their answer.

Upstream confirmed that CVE-2019-2697 doesn't affect OpenJDK as it's a
vulnerability in a proprietary 2D component only present in Oracle Java. I
updated the tracker accordingly.

Cheers,
Emilio

Reply to:

Follow-Ups:
- Re: openjdk-7 status
  - From: Ola Lundqvist <ola.lundqvist@gmail.com>

References:
- openjdk-7 status
  - From: Sylvain Beucler <beuc@beuc.net>
- Re: openjdk-7 status
  - From: Ola Lundqvist <ola@inguza.com>
- Re: openjdk-7 status
  - From: Sylvain <beuc@beuc.net>
- Re: openjdk-7 status
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

Prev by Date: Re: dns-root-data in Jessie LTS
Next by Date: Re: openjdk-7 status
Previous by thread: Re: openjdk-7 status
Next by thread: Re: openjdk-7 status
Index(es):
- Date
- Thread