On Sat, Aug 05, 2017 at 09:58:53PM +0200, Salvatore Bonaccorso wrote:
> Source: openjfx
> Version: 8u131-b11-1
> Severity: grave
> Tags: upstream security
>
> Hi,
>
> the following vulnerabilities were published for openjfx.
>
> CVE-2017-10086[0] and CVE-2017-10114[1].
>
> Unfortunately it's no more details possibly known as shared via [2],
> which states that the supported versions vulnerable are 7u141 and
> 8u131. The severity is probably as well overrated for this bugreport
> and a DSA not deserved. But bug should help tracking the fix for
> future unstable upload.
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-10086
> [1] https://security-tracker.debian.org/tracker/CVE-2017-10114
> [2]
> http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA
>
> Please adjust the affected versions in the BTS as needed.

Java maintainers, shall we follow the procedures for openjdk and rebase to
a new upstream release in stretch?

Cheers,
        Moritz