Re: How can I know which vulnerabilities (CVEs) are fixed in specific tag of open JDK?
Thanks! But the problem here is that this list includes only vulnerabilities dated 2019-2020. The vulnerabilities we (our customer) are interested in are from 2014-2015.

On Wed, 23 Sep 2020 at 13:38, Alan Bateman wrote:

> On 23/09/2020 11:29, Moshe Zuisman wrote:
> > Hi.
> > I have the following problem. We provide OpenJDK binary distro with our product.
> > With the current version we provided JDK8u-b222
> > Customer comes with a list of CVEs and asks if they are fixed in distro, we provided with our product.
> > For example he asks about cve-2014-3566, jre-vuln-cve-2017-3241 (it is only a part of the full list he asks about).
> > In the release note of b222 (https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-July/009840.html) I do not see any info about fixed CVEs.
> > Is there any way I figure out what is a full list of CVEs - fixed in specific, or opposite - can I somehow know if some specific CVE fixed in some build?
> Advisories are posted to the vuln-announce mailing list and also linked
> from the advisories page [1].
>
> -Alan
>
> [1] https://openjdk.java.net/groups/vulnerability/advisories/
Re: How can I know which vulnerabilities (CVEs) are fixed in specific tag of open JDK?
On 23/09/2020 11:29, Moshe Zuisman wrote:

> Hi.
> I have the following problem. We provide OpenJDK binary distro with our product.
> With the current version we provided JDK8u-b222
> Customer comes with a list of CVEs and asks if they are fixed in distro, we provided with our product.
> For example he asks about cve-2014-3566, jre-vuln-cve-2017-3241 (it is only a part of the full list he asks about).
> In the release note of b222 (https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-July/009840.html) I do not see any info about fixed CVEs.
> Is there any way I figure out what is a full list of CVEs - fixed in specific, or opposite - can I somehow know if some specific CVE fixed in some build?

Advisories are posted to the vuln-announce mailing list and also linked from the advisories page [1].

-Alan

[1] https://openjdk.java.net/groups/vulnerability/advisories/
How can I know which vulnerabilities (CVEs) are fixed in specific tag of open JDK?
Hi.

I have the following problem. We provide OpenJDK binary distro with our product.
With the current version we provided JDK8u-b222

Customer comes with a list of CVEs and asks if they are fixed in distro, we provided with our product.
For example he asks about cve-2014-3566, jre-vuln-cve-2017-3241 (it is only a part of the full list he asks about).

In the release note of b222 (https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-July/009840.html) I do not see any info about fixed CVEs.

Is there any way I figure out what is a full list of CVEs - fixed in specific, or opposite - can I somehow know if some specific CVE fixed in some build?