Your message dated Wed, 04 Oct 2017 18:27:10 +0000
with message-id <e1dzony-000dqv...@fasolo.debian.org>
and subject line Bug#870860: fixed in openjfx 8u141-b14-1
has caused the Debian Bug report #870860,
regarding openjfx: CVE-2017-10086 CVE-2017-10114
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870860: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870860
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openjfx
Version: 8u131-b11-1
Severity: grave
Tags: upstream security

Hi,

the following vulnerabilities were published for openjfx.

CVE-2017-10086[0] and CVE-2017-10114[1].

Unfortunately it's no more details possilby know as shared via [2],
which states that the supported versions vulnerable are 7u141 and
8u131. The severity is probably as well overrated for this bugreport
and a DSA not deserved. But bug should help tracking the fix for
future unstable upload.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10086
[1] https://security-tracker.debian.org/tracker/CVE-2017-10114
[2] 
http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: openjfx
Source-Version: 8u141-b14-1

We believe that the bug you reported is fixed in the latest version of
openjfx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated openjfx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 04 Oct 2017 20:01:06 +0200
Source: openjfx
Binary: openjfx libopenjfx-java libopenjfx-jni libopenjfx-java-doc 
openjfx-source
Architecture: source
Version: 8u141-b14-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
 libopenjfx-java - JavaFX/OpenJFX 8 - Rich client application platform for Java 
(Jav
 libopenjfx-java-doc - JavaFX/OpenJFX 8 - Rich client application platform for 
Java (Jav
 libopenjfx-jni - JavaFX/OpenJFX 8 - Rich client application platform for Java 
(nat
 openjfx    - JavaFX/OpenJFX 8 - Rich client application platform for Java
 openjfx-source - JavaFX/OpenJFX 8 - Rich client application platform for Java 
(sou
Closes: 849419 853593 857464 870860 872619
Changes:
 openjfx (8u141-b14-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release:
     - Fixes CVE-2017-10086 and CVE-2017-10114 (Closes: #870860)
   * Fixed the build failure with GCC 7 (Closes: #853593)
   * Use the gold linker with memory saving options to avoid build failures
     caused by lack of RAM (Closes: #857464)
   * Fixed a build failure on powerpc caused by a different ucontext_t 
definition
   * Backported a fix for accented characters in textfields (Closes: #872619)
   * libopenjfx-java now suggests installing openjfx (Closes: #849419)
   * Added lintian overrides to remove the warnings related to the js files
   * Disabled the buildSrc tests to work around a Gradle bug
   * Standards-Version updated to 4.1.1
Checksums-Sha1:
 309e8b634f31ba7a76b4c51745f4bb78506bd6e5 2763 openjfx_8u141-b14-1.dsc
 560907d3dc44c5331844d57bf6310331fd8332c5 46838256 openjfx_8u141-b14.orig.tar.xz
 fbbda017d9b3660ad421c37f46d6d6abf79c7306 17016 
openjfx_8u141-b14-1.debian.tar.xz
 0dced11444788413a914ad293a6d178dd0a473a9 21501 
openjfx_8u141-b14-1_source.buildinfo
Checksums-Sha256:
 98642e9bb3dcdea25ad7935bbb25a4c6d97cf1a1a28f8dee19249de12534d764 2763 
openjfx_8u141-b14-1.dsc
 0c4160938394fcea61937a29618f055ee6686a48be27b82bc32830289741799f 46838256 
openjfx_8u141-b14.orig.tar.xz
 4252729dc1fb05db1b45b84a8cbd8b4e2eaf8a71e024a1a7e085ea6f914d8998 17016 
openjfx_8u141-b14-1.debian.tar.xz
 717d2d6e41225f954a4a92d439f83c935232d20b5607ce5f18a6aca75618868b 21501 
openjfx_8u141-b14-1_source.buildinfo
Files:
 390fb89d02b88201ceed6159d7d416bb 2763 java optional openjfx_8u141-b14-1.dsc
 cf2a3a76cec883ee57fbce565ee77f39 46838256 java optional 
openjfx_8u141-b14.orig.tar.xz
 2a5022178703e5691f4178e357a7a40d 17016 java optional 
openjfx_8u141-b14-1.debian.tar.xz
 0583b499eff4ee2c910d3ad71700cd80 21501 java optional 
openjfx_8u141-b14-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlnVIg0SHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsUBQP/2ZK4sq9h0rITUvKoGLGvo8XPu6Eu1fj
bFKS/l/qNJv2ixZxEw4c1ssS8VpjEtHxmD2ssT3gpzohJpunup2C0Zsycq6Ha/It
285azlVkcunHSyqxFzMRJPq6JdWW9geaagVNqcsty+J5cXWir6Dech0D09TAFUCt
pKFn0lo9ewXS55+QsBAUyfV+TayjAd/z94LGuGafc9iLjHS2wkEfIdUIYWDG8gZQ
o3UQgIv9GzW+lZ6WfP8NNu0A4v5U1FCztljMbrZWUnnn5TzdypcRwMAo8ORScOb8
c8JcwL3M1IduLtXlquc0PHoEXV5biGzjkOzkXzd9n14ZgrTd22KKr7+rk5gDWUPQ
b7W7imLOwNqJqjlgJVnmX6n1ujdqSbrWPdEwx2IA0mGpsqnDjZYvrBo0MJxOKs5d
nOswNNSGcJa5IWznROknx73hnyavxXDN56tEClP5jngR7A+xMPE99+SszhqyPlui
B6a59T2YoRSXsmIAzoanbt+0QhrFcFI3V/6XNRceUuKDJ50y0URwInM5SwylwGxg
kfAq7dMD//3rcpuxTngKNyaeigWN81cAlN9QGqFi3QxEyHJh/NJ/WbJYjwGTjHgn
Ou1Y41blVnMGhM4RAqXo15lfVtNJah0X+k3ROCD5I4pMMcqSGmBLXtkp3w5gs8eE
yOWPdx/qIKxa
=2l94
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to