Your message dated Mon, 02 Apr 2018 09:19:45 +0000 with message-id <e1f2vcv-0005xc...@fasolo.debian.org> and subject line Bug#891330: fixed in openjdk-7 7u171-2.6.13-1 has caused the Debian Bug report #891330, regarding openjdk-7: several vulnerabilities to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 891330: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891330 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: openjdk-7 Version: 7u161-2.6.12-1 Severity: grave Tags: security Hi, There are several vulnerabilities from the last Oracle CPU. There is no new Icedtea release at this point AFAICS, so I guess our options are to wait or to backport the fixes. Thanks, Emilio -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (800, 'unstable'), (700, 'experimental'), (650, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---Source: openjdk-7 Source-Version: 7u171-2.6.13-1 We believe that the bug you reported is fixed in the latest version of openjdk-7, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 891...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthias Klose <d...@ubuntu.com> (supplier of updated openjdk-7 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 02 Apr 2018 10:36:32 +0200 Source: openjdk-7 Binary: openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-jre-lib openjdk-7-demo openjdk-7-source openjdk-7-doc openjdk-7-dbg icedtea-7-jre-jamvm openjdk-7-jre-zero Architecture: source Version: 7u171-2.6.13-1 Distribution: experimental Urgency: high Maintainer: OpenJDK Team <open...@lists.launchpad.net> Changed-By: Matthias Klose <d...@ubuntu.com> Description: icedtea-7-jre-jamvm - Alternative JVM for OpenJDK, using JamVM openjdk-7-dbg - Java runtime based on OpenJDK (debugging symbols) openjdk-7-demo - Java runtime based on OpenJDK (demos and examples) openjdk-7-doc - OpenJDK Development Kit (JDK) documentation openjdk-7-jdk - OpenJDK Development Kit (JDK) openjdk-7-jre - OpenJDK Java runtime, using openjdk-7-jre-headless - OpenJDK Java runtime, using (headless) openjdk-7-jre-lib - OpenJDK Java runtime (architecture independent libraries) openjdk-7-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark openjdk-7-source - OpenJDK Development Kit (JDK) source files Closes: 887858 889378 891330 Changes: openjdk-7 (7u171-2.6.13-1) experimental; urgency=high . [ Tiago Stürmer Daitx ] * IcedTea release 2.6.13 (based on 7u171). Closes: #891330. * Security fixes: - S8160104: CORBA communication improvements - S8172525, CVE-2018-2579: Improve key keying case - S8174756: Extra validation for public keys - S8175932: Improve host instance supports - S8176458: Revise default document styling - S8178449, CVE-2018-2588: Improve LDAP logins - S8178458: Better use of certificates in LDAP - S8178466: Better RSA parameters - S8179536: Cleaner print job handling - S8179990: Cleaner palette entry handling - S8180011: Cleaner native graphics device handling - S8180015: Cleaner AWT robot handling - S8180020: Improve SymbolHashMap entry handling - S8180433: Cleaner CLR invocation handling - S8180877: More deeply colored ICC spaces - S8181664: Improve JVM UTF String handling - S8181670: Improve implementation of keystores - S8182125, CVE-2018-2599: Improve reliability of DNS lookups - S8182387, CVE-2018-2603: Improve PKCS usage - S8182601, CVE-2018-2602: Improve usage messages - S8185292, CVE-2018-2618: Stricter key generation - S8185325, CVE-2018-2641: Improve GTK initialization - S8186080: Transform XML interfaces - S8186212, CVE-2018-2629: Improve GSS handling - S8186600, CVE-2018-2634: Improve property negotiations - S8186606, CVE-2018-2633: Improve LDAP lookup robustness - S8186867: Improve native glyph layouts - S8186998, CVE-2018-2637: Improve JMX supportive features - S8189284, CVE-2018-2663: More refactoring for deserialization cases - S8190289, CVE-2018-2677: More refactoring for client deserialization cases - S8191142, CVE-2018-2678: More refactoring for naming deserialization cases * Remove multiarch-support pre-dependency. Closes: #887858. . [ Matthias Klose ] * Bump standards version. * Disable bootstrap on sid/buster, gcj is removed. * Remove Damien Raude-Morvan as uploader. Closes: #889378. Checksums-Sha1: 46947a7d6289a7596eaa9a85a4fe83a31169e685 4488 openjdk-7_7u171-2.6.13-1.dsc 4eff52dbe3475dbc0798fe7a87395009b4036200 54080195 openjdk-7_7u171-2.6.13.orig.tar.gz 707908040af39b8213fa3c1a66bfa5b9ccf93b27 171652 openjdk-7_7u171-2.6.13-1.debian.tar.xz a66638fde3fd3b1b3d6f1bcb1c2d1bc62d315512 15747 openjdk-7_7u171-2.6.13-1_source.buildinfo Checksums-Sha256: 13e2dce83c26b1432c24d181d395d6f926720ea3f8a9082f47a64c3fa5a67049 4488 openjdk-7_7u171-2.6.13-1.dsc d3383c74908f0b9e3bc64770c861b2bea0969749601d74e89751b0257503e568 54080195 openjdk-7_7u171-2.6.13.orig.tar.gz f433587c4c73a2fb8cbb0297049fc6a5a2038591af3d9b2c1d0b23f0b5fc5521 171652 openjdk-7_7u171-2.6.13-1.debian.tar.xz 69c9634b2a2e675f0e0d408f999cbad8366a8cbc0cd476ff6b7d4a3f74a31254 15747 openjdk-7_7u171-2.6.13-1_source.buildinfo Files: 208e9bc936b0fda71e2dc71f7692e873 4488 java optional openjdk-7_7u171-2.6.13-1.dsc 7283c43d6ca83b80568d4def614db211 54080195 java optional openjdk-7_7u171-2.6.13.orig.tar.gz f0a47e647217dc3501c1514050c93dc3 171652 java optional openjdk-7_7u171-2.6.13-1.debian.tar.xz 7a10562d9ddee52b48f97ff4eabd1259 15747 java optional openjdk-7_7u171-2.6.13-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAlrB8Y4QHGRva29AdWJ1 bnR1LmNvbQAKCRC9fqpgd4+m9b5UEACI2IZvUWzAwYKa5D5rB6u0N/lwbdgs1dvz zVe5DJiJr3Vz6Uct8OkBnaQKv/rzMou9X3fTYhjwZpmy0v9P5m8sUNeJNh76cdCr T1D55YCKziqRRaW5QWfwK1nvSNBDveDkfgxVXKUvp794H+SXgPBC9yNbr0EmHaii U7lHTwDd5H+SN2RV5FAvewqJsSw90SranTzmyABPLvmTNSLhWjwltOIeG1De06P2 P09VYtzWlGO//JrpM+3TMqKJP4++2koulEu3LPujyUI1NmUcX8jWNaaol1oGWDXx iSdaijbR4ix6i3w0XwQtK6IwSVclgtlOII7lP5G8gzheMeeF5NDNUvLp8VH3glwq ghDsomeF7Rfo5+u8QaZwQUQXnWvL/9fqIUmGuVY4jV3Yo16h7t7jM9rOtfmIiEnE pyrLnPnXCpFOgwa4Wx0vp+CTo4/T+7zVLKhphw8ErOIgvVfkBUp9Qn6QKyPFtmna +vaCOmuGK4hvJB0aZUUEugi/8vWy3IyYdqlGp4+qwZRw0k2Z3lLvgw+4hhOPyH7p AlseTy6mHQju5zeNalhim7y5vTzZLNjKgxvqAPqAl0a/US90gEF4eCAPF1x5RWX9 ZMB14RVnlIUyw+ajKd2D6InVZQWU/fDsvdbS49nu+GYTgwS0LOF5LrPWSzVCzmYU bBAIWeytBA== =vvck -----END PGP SIGNATURE-----
--- End Message ---
