[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: openjdk-7 status


Sent from a phone

Den mån 13 maj 2019 22:52Emilio Pozuelo Monfort <pochu@debian.org> skrev:
On 13/05/2019 12:09, Emilio Pozuelo Monfort wrote:
> It was not clear to me at the time of upload if it was addressed in 7u221. It
> was not mentioned in the upstream announcement. I asked upstream for
> clarification on its status, it may be that that CVE is Oracle specific and
> doesn't affect OpenJDK. Though I haven't received a reply yet. But let's wait
> for their answer.

Upstream confirmed that CVE-2019-2697 doesn't affect OpenJDK as it's a
vulnerability in a proprietary 2D component only present in Oracle Java. I
updated the tracker accordingly.


Reply to: