Thanks Ola. Emilio, can you confirm your latest upload also addresses CVE-2019-2697?
It's MITRE page points to: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html "Mateusz Jurczyk of Google Project Zero: CVE-2019-2697, CVE-2019-2698" which also references CVE-2019-2698, which DLA-1782-1 addressed. So it is likely that this is an oversight in data/CVE/list, as the upload was a new upstream version (i.e. not cherry-picking). Cheers! Sylvain On 13/05/2019 17:00, Ola Lundqvist wrote: > Hi Sylvain > > It was meant to consider CVE-2019-2697. > I do not know anything about re-consider this CVE as nothing has been > noted to that CVE that it has been ignored or should be treated in > some other way. > > // Ola > > On Mon, 13 May 2019 at 10:57, Sylvain Beucler <b...@beuc.net > <mailto:b...@beuc.net>> wrote: > > Hi, > > openjdk-7 is back in dla-needed.txt with the commit message "Sounds > serious enough". > However it was re-added the day after DLA-1782-1 and there's no > new CVE > since. > > Was it an oversight, or was it meant to reconsider > https://security-tracker.debian.org/tracker/CVE-2019-2697 which wasn't > addressed by that DLA? > > Cheers! > Sylvain > > > > -- > --- Inguza Technology AB --- MSc in Information Technology ---- > | o...@inguza.com <mailto:o...@inguza.com> > o...@debian.org <mailto:o...@debian.org> | > | http://inguza.com/ Mobile: +46 (0)70-332 1551 | > --------------------------------------------------------------- >