Am 07.10.18 um 13:16 schrieb Moritz Muehlenhoff: [...] > No, unfortunately it's the same "we fix, but don't tell" bullshit policy > as with all other Oracle products. > > Given that mediathekview is our only reverse dependency in stretch we > can probably mark it as ignored for stretch anyway? > > Cheers, > Moritz
Ok. MediathekView in Stretch only uses JavaFX to create some better integrated Panel messages or to improve performance. If I read the advisory correctly CVE-2018-2941 affects Java Web Start or Java applets but MediathekView is a desktop application and doesn't use those classes, so I believe it cannot be exploited. Ignored for Stretch makes sense. Cheers, Markus
signature.asc
Description: OpenPGP digital signature
