Bug 14295

Summary: java-1.8.0-openjdk new security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/616267/
Whiteboard:
Source RPM: java-1.8.0-openjdk-1.8.0.40-4.b.02.2.mga5.src.rpm CVE:
Status comment:

Description David Walser 2014-10-15 19:58:41 CEST 
RedHat has issued an advisory on October 14:
https://rhn.redhat.com/errata/RHSA-2014-1636.html

Reproducible: 

Steps to Reproduce:
David Walser 2014-10-15 19:58:54 CEST

Blocks: (none) => 14294

Comment 1 David Walser 2014-10-15 22:53:37 CEST 
Since our package was created from Fedora Rawhide's, we still have to wait since they haven't updated Rawhide yet.  While Fedora 21 has been updated, it uses an older "update version" so we can't use that jdk tarball.  SVN has been updated to sync with Rawhide as of September 25.  I would imagine that Rawhide and RHEL7 will be updated soon.
David Walser 2014-10-24 18:28:28 CEST

Blocks: 14294 => (none)

Comment 2 David Walser 2014-11-05 23:33:43 CET 
Fedora finally updated Rawhide today.

Fixed in java-1.8.0-openjdk-1.8.0.40-4.b12.6.mga5.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 David Walser 2014-11-06 01:02:35 CET 
I missed one dependency change I needed to make on our side, so the update wasn't installable.  tmb restored the previous build.  I have this fixed in SVN, and will mark this as fixed again when java-1.8.0-openjdk-1.8.0.40-4.b12.7.mga5 is built.

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 4 David Walser 2014-11-08 00:49:31 CET 
Fixed in java-1.8.0-openjdk-1.8.0.40-4.b12.7.mga5.

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED