#12191 closed enhancement (fixed)
jdk-12.0.2
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | highest | Milestone: | 9.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New major version
I've been requested to start using the latest JDK for my Java class this summer, so this should probably go in.
It contains the following security fixes over 11.0.2:
CVE-2019-2699 CVE-2019-2697 CVE-2019-2698 CVE-2019-2602 CVE-2019-2684
For CVSSv3 scores, we have a 9.0, 8.1, 8.1, 7.5, and 5.9; all network and remotely exploitable.
Change History (9)
comment:1 by , 6 years ago
follow-up: 3 comment:2 by , 6 years ago
Would you mind if we worked on this together? If you can get the instructions verified and stats, I can generate the binaries for i686 and x86_64 (we probably still want to generate binaries for x86_64 since Oracle seems to be getting in the habit of removing old versions again, and some of the components are built using older versions of headers that we have installed).
comment:3 by , 6 years ago
Replying to renodr:
Would you mind if we worked on this together? If you can get the instructions verified and stats, I can generate the binaries for i686 and x86_64 (we probably still want to generate binaries for x86_64 since Oracle seems to be getting in the habit of removing old versions again, and some of the components are built using older versions of headers that we have installed).
Not sure what you mean with "old versions". At least the link to 11.0.2 binary (as of the book) is still working. The recent one seems to have a md5sum in it. But it works too. We could also link to adoptjdk. As you like...
OK for verifying instructions and stats... Let me know when they are ready (you could send a svn patch, for example...).
Pierre
comment:5 by , 6 years ago
I just began rebuilding my 32-bit system for the i686 binary. It's still running gcc-8.2 (although I did plop gcc-8.3 and 9 in /opt). Now that we're looking at 9.0, there's no better time. I expect that to take a couple of days overall, but it's not on my high priority list due to elogind stuff.
comment:6 by , 6 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:7 by , 6 years ago
| Priority: | high → highest |
|---|---|
| Summary: | jdk-12.0.1 → jdk-12.0.2 |
Well, this escalated quickly...
CVE-2019-7317 CVE-2019-2821 CVE-2019-2762 CVE-2019-2769 CVE-2019-2745 CVE-2019-2816 CVE-2019-2842 CVE-2019-2786 CVE-2019-2818 CVE-2019-2766
Up to the top of my priority list this goes!
comment:9 by , 6 years ago
i686 binary is pending and will be uploaded to Anduin before BLFS 9.0's release.
Will take this one if you agree, but I want to finish the elogind build first, so I can make it, say, on Thursday or so (maybe earlier if elogind goes well).