Tags: security upstream
The following vulnerability was published for openjfx; apart from the CVE
description, not much is available:
| Vulnerability in the Java SE component of Oracle Java SE
| (subcomponent: JavaFX). Supported versions that are affected are Java
| SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows
| unauthenticated attacker with network access via multiple protocols to
| compromise Java SE. Successful attacks require human interaction from
| a person other than the attacker and while the vulnerability is in
| Java SE, attacks may significantly impact additional products.
| Successful attacks of this vulnerability can result in unauthorized
| read access to a subset of Java SE accessible data. Note: This
| vulnerability applies to Java deployments, typically in clients
| running sandboxed Java Web Start applications or sandboxed Java
| applets, that load and run untrusted code (e.g., code that comes from
| the internet) and rely on the Java sandbox for security. This
| vulnerability does not apply to Java deployments, typically in
| servers, that load and run only trusted code (e.g., code installed by
| an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts).
| CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.