Bug 14295 - java-1.8.0-openjdk new security issues
Summary: java-1.8.0-openjdk new security issues
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal critical
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/616267/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-15 19:58 CEST by David Walser
Modified: 2014-11-08 00:49 CET (History)
0 users

See Also:
Source RPM: java-1.8.0-openjdk-1.8.0.40-4.b.02.2.mga5.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2014-10-15 19:58:41 CEST
RedHat has issued an advisory on October 14:
https://rhn.redhat.com/errata/RHSA-2014-1636.html

Reproducible: 

Steps to Reproduce:
David Walser 2014-10-15 19:58:54 CEST

Blocks: (none) => 14294

Comment 1 David Walser 2014-10-15 22:53:37 CEST
Since our package was created from Fedora Rawhide's, we still have to wait since they haven't updated Rawhide yet.  While Fedora 21 has been updated, it uses an older "update version" so we can't use that jdk tarball.  SVN has been updated to sync with Rawhide as of September 25.  I would imagine that Rawhide and RHEL7 will be updated soon.
David Walser 2014-10-24 18:28:28 CEST

Blocks: 14294 => (none)

Comment 2 David Walser 2014-11-05 23:33:43 CET
Fedora finally updated Rawhide today.

Fixed in java-1.8.0-openjdk-1.8.0.40-4.b12.6.mga5.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 David Walser 2014-11-06 01:02:35 CET
I missed one dependency change I needed to make on our side, so the update wasn't installable.  tmb restored the previous build.  I have this fixed in SVN, and will mark this as fixed again when java-1.8.0-openjdk-1.8.0.40-4.b12.7.mga5 is built.

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 4 David Walser 2014-11-08 00:49:31 CET
Fixed in java-1.8.0-openjdk-1.8.0.40-4.b12.7.mga5.

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.