unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* OpenJDK security updates
@ 2016-02-06 16:01 Mark H Weaver
  2016-02-07 11:25 ` Ricardo Wurmus
  0 siblings, 1 reply; 2+ messages in thread
From: Mark H Weaver @ 2016-02-06 16:01 UTC (permalink / raw)
  To: guix-devel

Can someone familiar with our Java packages please investigate and apply
any needed security updates?

https://www.debian.org/security/2016/dsa-3465

     Mark

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: OpenJDK security updates
  2016-02-06 16:01 OpenJDK security updates Mark H Weaver
@ 2016-02-07 11:25 ` Ricardo Wurmus
  0 siblings, 0 replies; 2+ messages in thread
From: Ricardo Wurmus @ 2016-02-07 11:25 UTC (permalink / raw)
  To: Mark H Weaver; +Cc: guix-devel


Mark H Weaver <mhw@netris.org> writes:

> Can someone familiar with our Java packages please investigate and apply
> any needed security updates?
>
> https://www.debian.org/security/2016/dsa-3465

There hasn’t been any new IcedTea release beyond what we offer in Guix.
According to the release announcements for the two latest IcedTea
releases 1.13.10 and 2.6.4 the vulnerabilities have already been
addressed (and more than those listed in the Debian security advisory).

Here’s the list of the security vulnerabilities listed in the advisory
followed by the version of IcedTea in which they are fixed:

  CVE-2015-7575 (2.6.4)
  CVE-2016-0402 (1.13.10 and 2.6.4)
  CVE-2016-0448 (1.13.10 and 2.6.4)
  CVE-2016-0466 (1.13.10 and 2.6.4)
  CVE-2016-0483 (1.13.10 and 2.6.4)
  CVE-2016-0494 (1.13.10 and 2.6.4)

Only CVE-2015-7575 is not mentioned in the release announcement for
1.13.10.  I don’t know if this affects 1.13.10.

~~ Ricardo

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-02-07 11:26 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-06 16:01 OpenJDK security updates Mark H Weaver
2016-02-07 11:25 ` Ricardo Wurmus

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).