Debian Bug report logs -
#832419
CVE-2016-3498
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 25 Jul 2016 11:00:07 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Found in version openjfx/8u91-b14-1
Fixed in version openjfx/8u102-b14-1
Done: Emmanuel Bourg <ebourg@apache.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
:
Bug#832419
; Package src:openjfx
.
(Mon, 25 Jul 2016 11:00:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
.
(Mon, 25 Jul 2016 11:00:11 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: openjfx
Severity: grave
Tags: security
CVE-2016-3498 from
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA
should affected openjfx.
Cheers,
Moritz
Reply sent
to Emmanuel Bourg <ebourg@apache.org>
:
You have taken responsibility.
(Tue, 26 Jul 2016 10:24:08 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Tue, 26 Jul 2016 10:24:08 GMT) (full text, mbox, link).
Message #10 received at 832419-close@bugs.debian.org (full text, mbox, reply):
Source: openjfx
Source-Version: 8u102-b14-1
We believe that the bug you reported is fixed in the latest version of
openjfx, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 832419@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <ebourg@apache.org> (supplier of updated openjfx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 26 Jul 2016 11:17:10 +0200
Source: openjfx
Binary: openjfx libopenjfx-java libopenjfx-jni libopenjfx-java-doc openjfx-source
Architecture: source
Version: 8u102-b14-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Description:
libopenjfx-java - JavaFX/OpenJFX 8 - Rich client application platform for Java (Jav
libopenjfx-java-doc - JavaFX/OpenJFX 8 - Rich client application platform for Java (Jav
libopenjfx-jni - JavaFX/OpenJFX 8 - Rich client application platform for Java (nat
openjfx - JavaFX/OpenJFX 8 - Rich client application platform for Java
openjfx-source - JavaFX/OpenJFX 8 - Rich client application platform for Java (sou
Closes: 825276 832419
Changes:
openjfx (8u102-b14-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Fixes CVE-2016-3498 (Closes: #832419)
- Refreshed the patches
- New build dependency on python
* Fixed the build failure when building only the arch indep packages
(Closes: #825276)
* Improved the reproducibility:
- Use SOURCE_DATE_EPOCH for the BUILD_TIMESTAMP
Checksums-Sha1:
da9ceee5c62667420f1a69bce96f479e726bfbd1 2716 openjfx_8u102-b14-1.dsc
3c78bed44dc412166267629239cf7f69fc3e9dde 39082812 openjfx_8u102-b14.orig.tar.xz
23bbad12aae181d305a87bc060219f693b309ff0 13704 openjfx_8u102-b14-1.debian.tar.xz
Checksums-Sha256:
3d8d2c25944fce10fb9a285f53ca7e88a938ea3aa8218ed8b8ba511022ece11b 2716 openjfx_8u102-b14-1.dsc
0f462e36e4ca65716e516e7765f23d4d5e772f6a5905d3e5539c6dc734a95683 39082812 openjfx_8u102-b14.orig.tar.xz
487dc3a968e18dd9e8e1e6d1712f20e7713c95516ac674cc1efee10da5e12fdb 13704 openjfx_8u102-b14-1.debian.tar.xz
Files:
4172a67f5ce4084045adb2c7fbc39925 2716 java optional openjfx_8u102-b14-1.dsc
7a8fb7942c696913a8bbb9d5f416bb33 39082812 java optional openjfx_8u102-b14.orig.tar.xz
4ae86b3d0088fb2d533428f8314220e6 13704 java optional openjfx_8u102-b14-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJXlyvdAAoJEPUTxBnkudCsBzEQAI0PNWaaR35N4rGP86jzOEBU
PS7OVd1pk1RsfBy4UinsVM0iegZ4o0KpYGjmzZSC1+TUqwDrf0n3ymaYMBojXWAA
HN1IVkJonmJwjSVdeAH99mTlTYz23ON9cjWYdJjL5FHPhqHkPQqarURyzylKQ7v4
43U7327dskk2FyEgl5kzijyL2E0Ks0ONRe321CEGJvDDnSYyVZxDItCTDIhFismr
j6PK1+iM7ai5fjyici+quFoKlqngWGr/Axw/XCZtHj7vG/eOtMRsM5bXHVHgAHAk
cBXtX8m8dD+7KpR4GJ1PqxH552Fk73c7wjy5tD3h6qObIi4P0Tk82Dx4lJA31vdH
upAo7cbIRelnuXgqspYS6bPRd9BB2WUCy3HBlCLbKr9hYllfSS3klOKy9FXGEO+p
6M1E6rs/7f+aGM6bsmX1pLH94U2u4rFDQdMsSTpOh7uQYQtKNKNTXxfdeBLENB0Q
NTXfW7bzoSH8AWnOjzXsrluZNOcV4ZmSjWhjkVk1d//UpPIH0MYqhxzLaMZhp9r/
pu91AoC6vPuj3Cp6LsGsHeLj0d995+GW8qOPoNYiFBzFNhi506SD/5tUAgbQXfDM
gTKTOPSZrgUg6WrWyyy6m5J5oBm3q6BCWCU5sx6Y2n4/odtNr/zq5bpMHvxCHswu
uXDi0FGA6R3iqeJawK9c
=vLbG
-----END PGP SIGNATURE-----
Marked as found in versions openjfx/8u91-b14-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 26 Jul 2016 18:51:09 GMT) (full text, mbox, link).
Added tag(s) upstream and fixed-upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 26 Jul 2016 18:51:13 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 29 Aug 2016 07:27:07 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 19:07:44 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.