Great!

Sent from a phone

Den mån 13 maj 2019 22:52Emilio Pozuelo Monfort <po...@debian.org> skrev:

> On 13/05/2019 12:09, Emilio Pozuelo Monfort wrote:
> > It was not clear to me at the time of upload if it was addressed in
> 7u221. It
> > was not mentioned in the upstream announcement. I asked upstream for
> > clarification on its status, it may be that that CVE is Oracle specific
> and
> > doesn't affect OpenJDK. Though I haven't received a reply yet. But let's
> wait
> > for their answer.
>
> Upstream confirmed that CVE-2019-2697 doesn't affect OpenJDK as it's a
> vulnerability in a proprietary 2D component only present in Oracle Java. I
> updated the tracker accordingly.
>
> Cheers,
> Emilio
>
>

Reply via email to