On 5/20/19 3:08 PM, Emmanuel Bourg wrote:
> On 20/05/2019 at 14:38, Aleksey Shipilev wrote:
> 
>> Yes. Security fixes and Japanese epoch changes are delivered in 11.0.3+7,
>> after security embargo was lifted. The fixes are not in 11.0.3+6, which was
>> tagged before the embargo lifted. You are looking for these:
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/175eb80c253a
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/2996b4523925
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/f0d8b845de21
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/1084d119236b
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c61b8801f0e4
>>   http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/59610bddd37a
> 
> Thank you. As I understand the rev 1084d119236b is the fix for
> CVE-2019-2684, and 59610bddd37a is the fix for CVE-2019-2602. But I'm
> not sure about c61b8801f0e4, is there a related CVE?

I don't think there is, but I am not the authoritative source on this. I just
listed the differences between +6 and +7 (which came from the security-related
repo after the fork for release).

See more here:
  https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html
  https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-April/009115.html

-Aleksey
