Source: openjfx Version: 8u151-b12-1 Severity: important Tags: security upstream
Hi, the following vulnerability was published for openjfx, apart the CVE description not much is available: CVE-2018-2581[0]: | Vulnerability in the Java SE component of Oracle Java SE | (subcomponent: JavaFX). Supported versions that are affected are Java | SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows | unauthenticated attacker with network access via multiple protocols to | compromise Java SE. Successful attacks require human interaction from | a person other than the attacker and while the vulnerability is in | Java SE, attacks may significantly impact additional products. | Successful attacks of this vulnerability can result in unauthorized | read access to a subset of Java SE accessible data. Note: This | vulnerability applies to Java deployments, typically in clients | running sandboxed Java Web Start applications or sandboxed Java | applets, that load and run untrusted code (e.g., code that comes from | the internet) and rely on the Java sandbox for security. This | vulnerability does not apply to Java deployments, typically in | servers, that load and run only trusted code (e.g., code installed by | an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-2581 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2581 Please adjust the affected versions in the BTS as needed. Regards, Salvatore __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
