openjdk team mailing list archive

[g1pi@xxxxxxxxx]

Forgot to address the OpenJDK team.
best regards,
	g.

----- Forwarded message from g1pi@xxxxxxxxx -----

Date: Fri, 19 May 2017 23:29:44 +0200
From: g1pi@xxxxxxxxx
To: Moritz Muehlenhoff <jmm@xxxxxxxxxx>
Subject: Re: [SECURITY] [DSA 3858-1] openjdk-7 security update

Hi Moritz.

There's something weird in the updated package for openjdk-7-jdk: the
installed size increased by 180 MB.  From a cursory review, it seems
the contents of /usr/share/doc/openjdk-7-jre-headless/test-i386 went from
a bunch of compressed tar files to a full hierarchy of test logs.

Perhaps the debian rules file must be fixed? 

Best regards,
	g.

On Fri, May 19, 2017 at 10:54:31PM +0200, Moritz Muehlenhoff wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3858-1                   security@xxxxxxxxxx
> https://www.debian.org/security/                       Moritz Muehlenhoff
> May 19, 2017                          https://www.debian.org/security/faq
> -------------------------------------------------------------------------
> 
> Package        : openjdk-7
> CVE ID         : CVE-2017-3509 CVE-2017-3511 CVE-2017-3526 CVE-2017-3533 
>                  CVE-2017-3539 CVE-2017-3544
> 
> Several vulnerabilities have been discovered in OpenJDK, an
> implementation of the Oracle Java platform, resulting in privilege
> escalation, denial of service, newline injection in SMTP or use of
> insecure cryptography.
> 
> For the stable distribution (jessie), these problems have been fixed in
> version 7u131-2.6.9-2~deb8u1.
> 
> We recommend that you upgrade your openjdk-7 packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
> 

----- End forwarded message -----