Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenJDK 7 out of date (probably vulnerable), references a vulnerable version of cups #7407

Closed
falsifian opened this issue Apr 16, 2015 · 6 comments
Closed

OpenJDK 7 out of date (probably vulnerable), references a vulnerable version of cups #7407

falsifian opened this issue Apr 16, 2015 · 6 comments
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: java Including JDK, tooling, other languages, other VMs

Comments

@falsifian
Copy link
Contributor

master is at 7u65; JDK vulnerabilities are constantly being fixed (e.g. CVE-2014-6658).

Also, the expression includes the URL for the Cups 1.5.4 source, which itself might be a security issue.

(Darwin version of this issue: #1617)
@falsifian falsifian added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Apr 16, 2015
@domenkozar
Copy link
Member

Master is at 7u79

@domenkozar
Copy link
Member

I cherry-picked to release-14.12

@falsifian
Copy link
Contributor Author

Are you sure you don't mean OracleJDK? OpenJDK is still at 7u65. (I don't know if the version numbers are the same between OracleJDK and OpenJDK, but the version hasn't been bumped since July 2014.)

@falsifian falsifian reopened this Apr 17, 2015
@falsifian
Copy link
Contributor Author

Thanks for cherry-picking :-)

@domenkozar
Copy link
Member

Uh-uh, yes.

@domenkozar
Copy link
Member

Openjdk was bumped, but cups wasnt.

@Profpatsch Profpatsch mentioned this issue Jul 23, 2016
Merged
Profpatsch added a commit to Profpatsch/nixpkgs that referenced this issue Jul 23, 2016
@Profpatsch
openjdk7: replace vulnerable cups version
f2fe8c9 
Fixes NixOS#7407.
Also uses the nixpkgs version of cups, not a static one that is never
maintained.
fpletz pushed a commit that referenced this issue Jul 28, 2016
@Profpatsch @fpletz
openjdk7: replace vulnerable cups version (#17214)
632411c 
Fixes #7407.
Also uses the nixpkgs version of cups, not a static one that is never
maintained.
@tomodachi94 tomodachi94 added the 6.topic: java Including JDK, tooling, other languages, other VMs label Nov 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: java Including JDK, tooling, other languages, other VMs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@domenkozar @falsifian @tomodachi94