OpenJDK security updates

OpenJDK security updates

[Mark H Weaver]

Can someone familiar with our Java packages please investigate and apply
any needed security updates?

https://www.debian.org/security/2016/dsa-3465

     Mark

Re: OpenJDK security updates

[Ricardo Wurmus]

Mark H Weaver <mhw@netris.org> writes:

> Can someone familiar with our Java packages please investigate and apply
> any needed security updates?
>
> https://www.debian.org/security/2016/dsa-3465

There hasn’t been any new IcedTea release beyond what we offer in Guix.
According to the release announcements for the two latest IcedTea
releases 1.13.10 and 2.6.4 the vulnerabilities have already been
addressed (and more than those listed in the Debian security advisory).

Here’s the list of the security vulnerabilities listed in the advisory
followed by the version of IcedTea in which they are fixed:

  CVE-2015-7575 (2.6.4)
  CVE-2016-0402 (1.13.10 and 2.6.4)
  CVE-2016-0448 (1.13.10 and 2.6.4)
  CVE-2016-0466 (1.13.10 and 2.6.4)
  CVE-2016-0483 (1.13.10 and 2.6.4)
  CVE-2016-0494 (1.13.10 and 2.6.4)

Only CVE-2015-7575 is not mentioned in the release announcement for
1.13.10.  I don’t know if this affects 1.13.10.

~~ Ricardo