Your message dated Wed, 04 Apr 2018 22:40:41 +0000 with message-id <e1f3r57-000gdt...@fasolo.debian.org> and subject line Bug#888530: fixed in openjfx 8u161-b12-1 has caused the Debian Bug report #888530, regarding openjfx: CVE-2018-2581 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 888530: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888530 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: openjfx Version: 8u151-b12-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for openjfx, apart the CVE description not much is available: CVE-2018-2581[0]: | Vulnerability in the Java SE component of Oracle Java SE | (subcomponent: JavaFX). Supported versions that are affected are Java | SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows | unauthenticated attacker with network access via multiple protocols to | compromise Java SE. Successful attacks require human interaction from | a person other than the attacker and while the vulnerability is in | Java SE, attacks may significantly impact additional products. | Successful attacks of this vulnerability can result in unauthorized | read access to a subset of Java SE accessible data. Note: This | vulnerability applies to Java deployments, typically in clients | running sandboxed Java Web Start applications or sandboxed Java | applets, that load and run untrusted code (e.g., code that comes from | the internet) and rely on the Java sandbox for security. This | vulnerability does not apply to Java deployments, typically in | servers, that load and run only trusted code (e.g., code installed by | an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-2581 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2581 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: openjfx Source-Version: 8u161-b12-1 We believe that the bug you reported is fixed in the latest version of openjfx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 888...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bourg <ebo...@apache.org> (supplier of updated openjfx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 05 Apr 2018 00:18:00 +0200 Source: openjfx Binary: openjfx libopenjfx-java libopenjfx-jni libopenjfx-java-doc openjfx-source Architecture: source Version: 8u161-b12-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Emmanuel Bourg <ebo...@apache.org> Description: libopenjfx-java - JavaFX/OpenJFX 8 - Rich client application platform for Java (Jav libopenjfx-java-doc - JavaFX/OpenJFX 8 - Rich client application platform for Java (Jav libopenjfx-jni - JavaFX/OpenJFX 8 - Rich client application platform for Java (nat openjfx - JavaFX/OpenJFX 8 - Rich client application platform for Java openjfx-source - JavaFX/OpenJFX 8 - Rich client application platform for Java (sou Closes: 888530 Changes: openjfx (8u161-b12-1) unstable; urgency=medium . * Team upload. * New upstream release: - Fixes CVE-2018-2581 (Closes: #888530) - Refreshed the patches * Standards-Version updated to 4.1.3 * Switch to debhelper level 11 Checksums-Sha1: 45a64a353d259c29d3785dc2a70e0bb0e646b1ea 2763 openjfx_8u161-b12-1.dsc 552d7889f4401a98dc313dabdb0f37ff1b50c141 61885740 openjfx_8u161-b12.orig.tar.xz 8ac36dbd3e4478c8465371a97429fa1144ee6f18 16708 openjfx_8u161-b12-1.debian.tar.xz ba3019b9c63d5f30d770b5aae666b30222db1446 22734 openjfx_8u161-b12-1_source.buildinfo Checksums-Sha256: 6c3ef9b1aa83199a40b5d3feae5ef7ac9316f30213c1a3f495a080d47ec839f9 2763 openjfx_8u161-b12-1.dsc 1502d685cfd8f4046b0cfa9f304e11f6f0ca18ecb72aa1460cb33d6ce8838155 61885740 openjfx_8u161-b12.orig.tar.xz 35f82bd033a5c749b92b087523ef8224490d846b9caa968afcedcffdc5024270 16708 openjfx_8u161-b12-1.debian.tar.xz 86f7d89d54aa98889eb754d00157d519aac1a8b5322be7ddb34ebc1b6683129e 22734 openjfx_8u161-b12-1_source.buildinfo Files: 619d9cc35b0a27f657c3b9ed35b153ae 2763 java optional openjfx_8u161-b12-1.dsc 42b66473b34900b0d63dda417fd17aa3 61885740 java optional openjfx_8u161-b12.orig.tar.xz 6f7e1c1167f92c94ace9d634023d1fe0 16708 java optional openjfx_8u161-b12-1.debian.tar.xz f0e219d65faabbcaa992d77f5a041a67 22734 java optional openjfx_8u161-b12-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlrFT3ASHGVib3VyZ0Bh cGFjaGUub3JnAAoJEPUTxBnkudCsEJUP/AscozOjbsRCcPkzYN5BlOlAipSJS6Su zES+sEICn7vST55Hm6BkV8d7RxD/aAEO6/NzA6IO2P4bOTJiAnZ6Dt9r/3prW42J RIIPuYxZ4AHfG5elWUnyE5B3Gx1Vl4st186UEVgNxSHYc46lQ4fba/ca9+VpsLTb V2l422h+gahsryhZzDMDBiB5CDMP3fpAkjDQlBZhlfkOJClRPG1rBGBNiOkMYw0g Fqhzft/30qy7/El8u0z6flUjsjAJ2Uxsg0GQelQREAQENIm5jChRZsc4nCS5DX+f yeb+ijaJJxvU4s3LfGds1p4n2WbOd2OS478ZhSOZ5BX4ezg196Lxin/lo01ASDw+ d0VlH1TWbwvd6TnkUBA/DfTX8ObmqqxfgOnnL7L9PAcSX8lnpUFQUD6Ili1CL5Q1 sJ9jkaQ0y5Mi4No7MgOf43dDWX6W9aYggUtRs0CaA+SohHQIhAljHSle4k6LAEiG 12/ZVBY5uP/p2mfyvlKTvUHQnJFDG6vMPqyJqKjU6AdLRY/7fEYBBPho6dBqJV2t MIVKDh/1vEz2NsNaIBkuMt9EznTThTXiOulIWABEpmoJ4amXES6lWOtORxow0PLB XKFNujed+C4W5U4dPl20iv2eFicKBN5/QEKy0XlL38SpJitTkO6aU0rKsX8lz+Ki A6Yhb9mzgDYG =vLhv -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
