Bug#870860: openjfx: CVE-2017-10086 CVE-2017-10114
On 17.10.2017 at 17:20, Moritz Muehlenhoff wrote:
> On Tue, Oct 17, 2017 at 04:30:16PM +0200, Emmanuel Bourg wrote:
>> I ran the Oracle JavaFX demos with the new version and it worked fine
>> (except the media player but this isn't a regression, something is
>> probably misconfigured on my machine).
>>
>> Should I proceed with the upload, or do you want to do it directly?
>
> Please go ahead with the upload. I'll also test this with mediathekview
> (which is the only reverse dependency in stretch IIRC). Unfortunately
> it's geoblocked, so one can't test unless you have a German IP address :-/

There are some streams that are not geoblocked and there is also ARTE.FR. :)
Bug#870860: openjfx: CVE-2017-10086 CVE-2017-10114
On Tue, Oct 17, 2017 at 04:30:16PM +0200, Emmanuel Bourg wrote:
> I ran the Oracle JavaFX demos with the new version and it worked fine
> (except the media player but this isn't a regression, something is
> probably misconfigured on my machine).
>
> Should I proceed with the upload, or do you want to do it directly?

Please go ahead with the upload. I'll also test this with mediathekview
(which is the only reverse dependency in stretch IIRC). Unfortunately
it's geoblocked, so one can't test unless you have a German IP address :-/

Cheers,
Moritz
Bug#870860: openjfx: CVE-2017-10086 CVE-2017-10114
I ran the Oracle JavaFX demos with the new version and it worked fine
(except the media player but this isn't a regression, something is
probably misconfigured on my machine).

Should I proceed with the upload, or do you want to do it directly?

Emmanuel Bourg
Bug#870860: openjfx: CVE-2017-10086 CVE-2017-10114
On Fri, Oct 06, 2017 at 04:27:02PM +0200, Emmanuel Bourg wrote:
> Hi,
>
> Quick update on openjfx: the package is back on track, as of version
> 8u141-b14-3 I eventually managed to get it to build on both amd64 and
> i386 in unstable for the first time since January. If the tests go well
> I'll prepare the security update next week.

Thanks.

Cheers,
Moritz
Bug#870860: openjfx: CVE-2017-10086 CVE-2017-10114
Hi,

Quick update on openjfx: the package is back on track, as of version
8u141-b14-3 I eventually managed to get it to build on both amd64 and
i386 in unstable for the first time since January. If the tests go well
I'll prepare the security update next week.

Emmanuel Bourg
Bug#870860: openjfx: CVE-2017-10086 CVE-2017-10114
On Mon, Oct 02, 2017 at 05:09:29PM +0200, Emmanuel Bourg wrote:
> On 2/10/2017 at 15:08, Moritz Muehlenhoff wrote:
>
> > Java maintainers, shall we follow the procedures for openjdk and
> > rebase to a new upstream release in stretch?
>
> Yes please, that's the only sustainable solution for openjfx. I'll
> prepare the update for unstable first and I'll let you know when I'm
> ready for a stable-security update.

Ok, sounds good.

Cheers,
Moritz
Bug#870860: openjfx: CVE-2017-10086 CVE-2017-10114
On 2/10/2017 at 15:08, Moritz Muehlenhoff wrote:
> Java maintainers, shall we follow the procedures for openjdk and
> rebase to a new upstream release in stretch?

Yes please, that's the only sustainable solution for openjfx. I'll
prepare the update for unstable first and I'll let you know when I'm
ready for a stable-security update.

Emmanuel Bourg
Bug#870860: openjfx: CVE-2017-10086 CVE-2017-10114
On Sat, Aug 05, 2017 at 09:58:53PM +0200, Salvatore Bonaccorso wrote:
> Source: openjfx
> Version: 8u131-b11-1
> Severity: grave
> Tags: upstream security
>
> Hi,
>
> the following vulnerabilities were published for openjfx.
>
> CVE-2017-10086[0] and CVE-2017-10114[1].
>
> Unfortunately it's no more details possibly known as shared via [2],
> which states that the supported versions vulnerable are 7u141 and
> 8u131. The severity is probably as well overrated for this bugreport
> and a DSA not deserved. But bug should help tracking the fix for
> future unstable upload.
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-10086
> [1] https://security-tracker.debian.org/tracker/CVE-2017-10114
> [2] http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA
>
> Please adjust the affected versions in the BTS as needed.

Java maintainers, shall we follow the procedures for openjdk and
rebase to a new upstream release in stretch?

Cheers,
Moritz
Bug#870860: openjfx: CVE-2017-10086 CVE-2017-10114
Source: openjfx
Version: 8u131-b11-1
Severity: grave
Tags: upstream security

Hi,

the following vulnerabilities were published for openjfx.

CVE-2017-10086[0] and CVE-2017-10114[1].

Unfortunately it's no more details possibly known as shared via [2],
which states that the supported versions vulnerable are 7u141 and
8u131. The severity is probably as well overrated for this bugreport
and a DSA not deserved. But bug should help tracking the fix for
future unstable upload.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10086
[1] https://security-tracker.debian.org/tracker/CVE-2017-10114
[2] http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore