Debian Bug report logs -
#823622
CVE-2015-4901 CVE-2015-4906 CVE-2015-4908 CVE-2015-4916
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 6 May 2016 18:09:06 UTC
Severity: grave
Tags: security, upstream
Fixed in version openjfx/8u91-b14-1
Done: Emmanuel Bourg <ebourg@apache.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#823622; Package src:openjfx.
(Fri, 06 May 2016 18:09:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>.
(Fri, 06 May 2016 18:09:10 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: openjfx
Severity: grave
Tags: security
The four security issues from October's Java CPU are still unfixed, right?
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Cheers,
Moritz
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sat, 07 May 2016 17:54:08 GMT) (full text, mbox, link).
Reply sent
to Emmanuel Bourg <ebourg@apache.org>:
You have taken responsibility.
(Sat, 07 May 2016 21:57:04 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Sat, 07 May 2016 21:57:04 GMT) (full text, mbox, link).
Message #12 received at 823622-close@bugs.debian.org (full text, mbox, reply):
Source: openjfx
Source-Version: 8u91-b14-1
We believe that the bug you reported is fixed in the latest version of
openjfx, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 823622@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <ebourg@apache.org> (supplier of updated openjfx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 07 May 2016 22:32:15 +0200
Source: openjfx
Binary: openjfx libopenjfx-java libopenjfx-jni libopenjfx-java-doc openjfx-source
Architecture: source all amd64
Version: 8u91-b14-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Description:
libopenjfx-java - JavaFX/OpenJFX 8 - Rich client application platform for Java (Jav
libopenjfx-java-doc - JavaFX/OpenJFX 8 - Rich client application platform for Java (Jav
libopenjfx-jni - JavaFX/OpenJFX 8 - Rich client application platform for Java (nat
openjfx - JavaFX/OpenJFX 8 - Rich client application platform for Java
openjfx-source - JavaFX/OpenJFX 8 - Rich client application platform for Java (sou
Closes: 823622
Changes:
openjfx (8u91-b14-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
- Fixes the security vulnerabilities CVE-2015-4916, CVE-2015-4908,
CVE-2015-4906 and CVE-2015-4901 (Closes: #823622)
* Build with gradle-debian-helper
* Use override_dh_*-{arch,indep} to split the arch all/any operations
* Simplified the clean target
* Updated debian/watch
* Standards-Version updated to 3.9.8 (no changes)
* Use secure Vcs-* URLs
Checksums-Sha1:
dd3b0bfebfd585c8ab82fc7703d54be4a855d552 2701 openjfx_8u91-b14-1.dsc
9663855ace1502cc0d03e7eb12f675a9bc6b6f7d 39071352 openjfx_8u91-b14.orig.tar.xz
86d6303788238478f7f66415faac63d63a3105ea 13384 openjfx_8u91-b14-1.debian.tar.xz
7736191b3db8f6921e53480e08d7834acec46c42 2809762 libopenjfx-java-doc_8u91-b14-1_all.deb
b3a94f9640a932c0dcf906f3b330971bc40dac5f 9907746 libopenjfx-java_8u91-b14-1_all.deb
acb2f03ec81e329676e3ea1f305a2c8f0b937160 3404204 libopenjfx-jni-dbgsym_8u91-b14-1_amd64.deb
f4bda121577364feb5203335548c35b8f48179b9 8340506 libopenjfx-jni_8u91-b14-1_amd64.deb
ee1f5096e5c890eb3d077811a3940216120bbe52 5847128 openjfx-source_8u91-b14-1_all.deb
bc50c56a28c08b81437102503f7e382966dfe71c 34488 openjfx_8u91-b14-1_amd64.deb
Checksums-Sha256:
95e67e0b6e98044fa23e4d9db37f798715b7478960bff235a92b5de18428d9af 2701 openjfx_8u91-b14-1.dsc
af118637331c71b7bf4eae8b50844dfff962a5cf5e948f7979fdec65cf188647 39071352 openjfx_8u91-b14.orig.tar.xz
f9fbbd407a0eb5be5f37c320ea591b023a5e59b01a111c7b0c097439c624bb93 13384 openjfx_8u91-b14-1.debian.tar.xz
bd9b5317aab327a47d9623ad7be1f4f37e5aaa9d8bad91b77bd897deaea8c7c1 2809762 libopenjfx-java-doc_8u91-b14-1_all.deb
c14be444cc8bcc0994a171da9b178275bf25202467683ab93c2d2fc23c1f5d01 9907746 libopenjfx-java_8u91-b14-1_all.deb
f743b4d42d7ed53f86fd099f2c1c36b513a4aa45971447a6fbb0bcd60c6674f8 3404204 libopenjfx-jni-dbgsym_8u91-b14-1_amd64.deb
acc902eefdd6751f9a157cfa89ff7ce82db7ebce6c0f6e1e9e7ba90b23625e84 8340506 libopenjfx-jni_8u91-b14-1_amd64.deb
b55e1a42403bb694f5bdf60df6c7c420126593a33fe03ee6f07bb8050d164bc1 5847128 openjfx-source_8u91-b14-1_all.deb
ac09999862fddae3953fb4ce5d55e801c398885d794b97465d3f7e3a5dd735de 34488 openjfx_8u91-b14-1_amd64.deb
Files:
71af5005002ed6f48e3f654c9cb3ac87 2701 java optional openjfx_8u91-b14-1.dsc
7f684d0e3cc7a3531e71a13ec2b8c248 39071352 java optional openjfx_8u91-b14.orig.tar.xz
4a7ebca026defbe73ea98e8a75a57c94 13384 java optional openjfx_8u91-b14-1.debian.tar.xz
72ac705d45885db11e6f444d6f970a77 2809762 doc optional libopenjfx-java-doc_8u91-b14-1_all.deb
8fd23734782686b12d4d027096d7e69f 9907746 java optional libopenjfx-java_8u91-b14-1_all.deb
5eb16033fc332adace84dc66448f8971 3404204 debug extra libopenjfx-jni-dbgsym_8u91-b14-1_amd64.deb
ff4d267b0b96cff3eebf00f9782363d1 8340506 java optional libopenjfx-jni_8u91-b14-1_amd64.deb
cfea1de01401867ded5adcb660831606 5847128 java optional openjfx-source_8u91-b14-1_all.deb
7a10bb6a347cdf061c619c7ee6027629 34488 java optional openjfx_8u91-b14-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXLlf6AAoJEPUTxBnkudCsnwgP/3XGkPS38Y6du+SHOLluTGxo
dBES+pJzQdN9rZkz3PlKudRi4vuQsx4Dray0Ftwl38XHtbu9Ui5WJwWExv3K4V/h
fjWQ5/zJL3gtbKeQeSOrqxUeqQ12LE4LWsy++7Ap011CGZ6YAyv7ggJFTHMOA+Av
9PrLzivGs7YyElNDhoYcO3BnpooyYJkjxSjhGvadTrS4VGq67e17B2+tuzJlswaf
pp/KRcvK8nesXFhumrENRfaZYuAQVoIO/BHRa/VR4qw+2+YZcoQq+AUl8byI6Vzw
4ByvBeM5aMC5oZf57FpoTtd2YCunU+POfUZJJ208qZ0FTVv4lZFqVUFxahZFUH1h
VU1zb8/snCd4xkqU9AQ9h+MlLb693TBTUPbuc4t/ydiZvmk5aZPkO7Fk97i2LSbq
nDUfDVPoqL+9JtKHx1Gl37Q36MvHaH1oshpm6m8crBL5pAgyGEicf7i4mKyCzOqT
4IbsI2FQCf0riyOLE3BQaIHwpSKy1mAxws2Oh7paJrA8jcMTOSwtOHc+lDMziUzQ
bGUuUz5uYbQfveH3YYxqVoP+u2lTVWvajv9gBtVo0pyY7fviHkLFThxhI5kHQryJ
DhuVI81QJjSisYJsAAyNWEijvoBJtEafdTzF+pl1W97/Q+oDDzAv70geFynxZb/7
+tijHEWlAYJvRcpPPFs7
=8vw7
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 14 Jun 2016 07:27:39 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:36:56 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon