* OpenJDK security updates
@ 2016-02-06 16:01 Mark H Weaver
2016-02-07 11:25 ` Ricardo Wurmus
0 siblings, 1 reply; 2+ messages in thread
From: Mark H Weaver @ 2016-02-06 16:01 UTC (permalink / raw)
To: guix-devel
Can someone familiar with our Java packages please investigate and apply
any needed security updates?
https://www.debian.org/security/2016/dsa-3465
Mark
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: OpenJDK security updates
2016-02-06 16:01 OpenJDK security updates Mark H Weaver
@ 2016-02-07 11:25 ` Ricardo Wurmus
0 siblings, 0 replies; 2+ messages in thread
From: Ricardo Wurmus @ 2016-02-07 11:25 UTC (permalink / raw)
To: Mark H Weaver; +Cc: guix-devel
Mark H Weaver <mhw@netris.org> writes:
> Can someone familiar with our Java packages please investigate and apply
> any needed security updates?
>
> https://www.debian.org/security/2016/dsa-3465
There hasn’t been any new IcedTea release beyond what we offer in Guix.
According to the release announcements for the two latest IcedTea
releases 1.13.10 and 2.6.4 the vulnerabilities have already been
addressed (and more than those listed in the Debian security advisory).
Here’s the list of the security vulnerabilities listed in the advisory
followed by the version of IcedTea in which they are fixed:
CVE-2015-7575 (2.6.4)
CVE-2016-0402 (1.13.10 and 2.6.4)
CVE-2016-0448 (1.13.10 and 2.6.4)
CVE-2016-0466 (1.13.10 and 2.6.4)
CVE-2016-0483 (1.13.10 and 2.6.4)
CVE-2016-0494 (1.13.10 and 2.6.4)
Only CVE-2015-7575 is not mentioned in the release announcement for
1.13.10. I don’t know if this affects 1.13.10.
~~ Ricardo
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-02-07 11:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-06 16:01 OpenJDK security updates Mark H Weaver
2016-02-07 11:25 ` Ricardo Wurmus
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).