On 2017-05-18 07:54 PM, Graham Leggett wrote: > Looking at https://bugs.openjdk.java.net/browse/JDK-8148516, I'm not > seeing a CVE number attached.
The change is about dropping support for algorithms that are no longer considered secure so I don't think there is any CVE attached to this. > In addition, this issue is marked as an "enhancement". Probably not the best name but they only have a limited set of bug types in their bugtracker. > The change is about dropping support for algorithms that are no longer > considered secure so I don't think there is any CVE attached to this. We were affected by the regression as well but I think in the long run, this is a relatively small price to pay to not have to carry outdated crypto. I find the security team to be very good and conservative with backporting security fixes but most importantly when mistakes happen, they get fixed pretty quickly. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1691126 Title: java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1691126/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
