OpenJDK security updates

all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

* OpenJDK security updates
@ 2016-02-06 16:01 Mark H Weaver
  2016-02-07 11:25 ` Ricardo Wurmus
  0 siblings, 1 reply; 2+ messages in thread
From: Mark H Weaver @ 2016-02-06 16:01 UTC (permalink / raw)
  To: guix-devel

Can someone familiar with our Java packages please investigate and apply
any needed security updates?

https://www.debian.org/security/2016/dsa-3465

     Mark

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: OpenJDK security updates
  2016-02-06 16:01 OpenJDK security updates Mark H Weaver
@ 2016-02-07 11:25 ` Ricardo Wurmus
  0 siblings, 0 replies; 2+ messages in thread
From: Ricardo Wurmus @ 2016-02-07 11:25 UTC (permalink / raw)
  To: Mark H Weaver; +Cc: guix-devel

Mark H Weaver <mhw@netris.org> writes:

> Can someone familiar with our Java packages please investigate and apply
> any needed security updates?
>
> https://www.debian.org/security/2016/dsa-3465

There hasn’t been any new IcedTea release beyond what we offer in Guix.
According to the release announcements for the two latest IcedTea
releases 1.13.10 and 2.6.4 the vulnerabilities have already been
addressed (and more than those listed in the Debian security advisory).

Here’s the list of the security vulnerabilities listed in the advisory
followed by the version of IcedTea in which they are fixed:

  CVE-2015-7575 (2.6.4)
  CVE-2016-0402 (1.13.10 and 2.6.4)
  CVE-2016-0448 (1.13.10 and 2.6.4)
  CVE-2016-0466 (1.13.10 and 2.6.4)
  CVE-2016-0483 (1.13.10 and 2.6.4)
  CVE-2016-0494 (1.13.10 and 2.6.4)

Only CVE-2015-7575 is not mentioned in the release announcement for
1.13.10.  I don’t know if this affects 1.13.10.

~~ Ricardo

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-02-07 11:26 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-06 16:01 OpenJDK security updates Mark H Weaver
2016-02-07 11:25 ` Ricardo Wurmus

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.