On Fri, Jul 31, 2020 at 12:04:52AM +0000, Boushy, Phillip wrote:
- Is there a 11.0.8 update for java-11-openjdk-devel available for
CentOS 7?
No, but it's in the process of being built and distributed. It's been released in RHEL and I suspect the GRUB2/shim/kernel security issue is taking some priority right now.
- Is there a page like Ubuntu's CVE Tracker site where it shows the
CVE, the package name, and the status (e.g. https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14578.html)
Red Hat (CentOS's upsream) posts advisories for these sorts of things:
https://access.redhat.com/errata/RHSA-2020:2969
This is the security advisory for this package.
- If 2 is no, How can I look up the status of a package that has
been released by upstream on CentOS? (e.g. it's been released in Upstream, it's available in CentOS, it's pending backport for CentOS 7)
As I mentioned earlier, the Red Hat errata site is a good place to look. You can search for CVEs there too. There's also a RHSA-Announce mailing list if you'd prefer that they end up in your mailbox:
https://www.redhat.com/mailman/listinfo/rhsa-announce