Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2016-3498

Related Vulnerabilities: CVE-2016-3498  

Source

Debian Bug report logs - #832419
CVE-2016-3498

version graph

Package: src:openjfx; Maintainer for src:openjfx is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 25 Jul 2016 11:00:07 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version openjfx/8u91-b14-1

Fixed in version openjfx/8u102-b14-1

Done: Emmanuel Bourg <ebourg@apache.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#832419; Package src:openjfx. (Mon, 25 Jul 2016 11:00:11 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Mon, 25 Jul 2016 11:00:11 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2016-3498
Date: Mon, 25 Jul 2016 12:50:10 +0200
Source: openjfx
Severity: grave
Tags: security

CVE-2016-3498 from 
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA  
should affected openjfx.

Cheers,
        Moritz

Reply sent to Emmanuel Bourg <ebourg@apache.org>:
You have taken responsibility. (Tue, 26 Jul 2016 10:24:08 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 26 Jul 2016 10:24:08 GMT) (full text, mbox, link).

Message #10 received at 832419-close@bugs.debian.org (full text, mbox, reply):

From: Emmanuel Bourg <ebourg@apache.org>
To: 832419-close@bugs.debian.org
Subject: Bug#832419: fixed in openjfx 8u102-b14-1
Date: Tue, 26 Jul 2016 10:21:27 +0000
Source: openjfx
Source-Version: 8u102-b14-1

We believe that the bug you reported is fixed in the latest version of
openjfx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 832419@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebourg@apache.org> (supplier of updated openjfx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 26 Jul 2016 11:17:10 +0200
Source: openjfx
Binary: openjfx libopenjfx-java libopenjfx-jni libopenjfx-java-doc openjfx-source
Architecture: source
Version: 8u102-b14-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Description:
 libopenjfx-java - JavaFX/OpenJFX 8 - Rich client application platform for Java (Jav
 libopenjfx-java-doc - JavaFX/OpenJFX 8 - Rich client application platform for Java (Jav
 libopenjfx-jni - JavaFX/OpenJFX 8 - Rich client application platform for Java (nat
 openjfx    - JavaFX/OpenJFX 8 - Rich client application platform for Java
 openjfx-source - JavaFX/OpenJFX 8 - Rich client application platform for Java (sou
Closes: 825276 832419
Changes:
 openjfx (8u102-b14-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release
     - Fixes CVE-2016-3498 (Closes: #832419)
     - Refreshed the patches
     - New build dependency on python
   * Fixed the build failure when building only the arch indep packages
     (Closes: #825276)
   * Improved the reproducibility:
     - Use SOURCE_DATE_EPOCH for the BUILD_TIMESTAMP
Checksums-Sha1:
 da9ceee5c62667420f1a69bce96f479e726bfbd1 2716 openjfx_8u102-b14-1.dsc
 3c78bed44dc412166267629239cf7f69fc3e9dde 39082812 openjfx_8u102-b14.orig.tar.xz
 23bbad12aae181d305a87bc060219f693b309ff0 13704 openjfx_8u102-b14-1.debian.tar.xz
Checksums-Sha256:
 3d8d2c25944fce10fb9a285f53ca7e88a938ea3aa8218ed8b8ba511022ece11b 2716 openjfx_8u102-b14-1.dsc
 0f462e36e4ca65716e516e7765f23d4d5e772f6a5905d3e5539c6dc734a95683 39082812 openjfx_8u102-b14.orig.tar.xz
 487dc3a968e18dd9e8e1e6d1712f20e7713c95516ac674cc1efee10da5e12fdb 13704 openjfx_8u102-b14-1.debian.tar.xz
Files:
 4172a67f5ce4084045adb2c7fbc39925 2716 java optional openjfx_8u102-b14-1.dsc
 7a8fb7942c696913a8bbb9d5f416bb33 39082812 java optional openjfx_8u102-b14.orig.tar.xz
 4ae86b3d0088fb2d533428f8314220e6 13704 java optional openjfx_8u102-b14-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXlyvdAAoJEPUTxBnkudCsBzEQAI0PNWaaR35N4rGP86jzOEBU
PS7OVd1pk1RsfBy4UinsVM0iegZ4o0KpYGjmzZSC1+TUqwDrf0n3ymaYMBojXWAA
HN1IVkJonmJwjSVdeAH99mTlTYz23ON9cjWYdJjL5FHPhqHkPQqarURyzylKQ7v4
43U7327dskk2FyEgl5kzijyL2E0Ks0ONRe321CEGJvDDnSYyVZxDItCTDIhFismr
j6PK1+iM7ai5fjyici+quFoKlqngWGr/Axw/XCZtHj7vG/eOtMRsM5bXHVHgAHAk
cBXtX8m8dD+7KpR4GJ1PqxH552Fk73c7wjy5tD3h6qObIi4P0Tk82Dx4lJA31vdH
upAo7cbIRelnuXgqspYS6bPRd9BB2WUCy3HBlCLbKr9hYllfSS3klOKy9FXGEO+p
6M1E6rs/7f+aGM6bsmX1pLH94U2u4rFDQdMsSTpOh7uQYQtKNKNTXxfdeBLENB0Q
NTXfW7bzoSH8AWnOjzXsrluZNOcV4ZmSjWhjkVk1d//UpPIH0MYqhxzLaMZhp9r/
pu91AoC6vPuj3Cp6LsGsHeLj0d995+GW8qOPoNYiFBzFNhi506SD/5tUAgbQXfDM
gTKTOPSZrgUg6WrWyyy6m5J5oBm3q6BCWCU5sx6Y2n4/odtNr/zq5bpMHvxCHswu
uXDi0FGA6R3iqeJawK9c
=vLbG
-----END PGP SIGNATURE-----

Marked as found in versions openjfx/8u91-b14-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 26 Jul 2016 18:51:09 GMT) (full text, mbox, link).

Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 26 Jul 2016 18:51:13 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 29 Aug 2016 07:27:07 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:07:44 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started