[CentOS-devel] when the fix for CVE-2018-2794 & CVE-2018-2814 would be available in OpenJDK 1.7?

Wed May 2 05:59:38 UTC 2018
Maheshwari, Shagun <Shagun.Maheshwari at Harman.com>

Hi All,

We are currently on OpenJDK 1.7.0_161 and OpenJDK 1.7.0_161 is impacted by CVE-2018-2794 & CVE-2018-2814
It seems we do NOT have an ETA for the fix. I could see RH already posted a fix for OpenJDK 1.8 here - https://clicktime.symantec.com/a/1/OXdEaLeTBZV355U3VoZGXHSsHP8TO8kMoHYzvixKBl0=?d=0qyCwIvjugxbrmipQQff1sa2wWRMHVRUUuh0XUv5ESqzaTOxkR6ung_ezofkaQmI9oOdk_0br_664pT84q32Qtq17tbclsFpZqurBZxvOQdDnicXWPwO3X7cQo8-JMiYoLRuTt_QbkxY1E9QQ2nD5BUNDquBzNM45qyY7_kQCtBQZUMocX9BHVGIP87nBkhXrbPd6vEeNUefyjNt5bHUlCle552uxZgZ1RV5Ml5vmriyuUwrIN7MDZGmupBBrNqveUYWOvBEOWDdv1eeX9l8sds65djharjDD7C2Usi__S-AIip3ceSDyJJYKmrKU00e9vnHsPiaGfq6eODpZCL8szX8WcKf0_2MroeNyuzFK6xx6T2w5fh9UmXlbB-L90anhbTD_oWywwiMVF0ttO2CdVNCMELMQBKXpCEEL6lR3A%3D%3D&u=https%3A%2F%2Flwn.net%2FArticles%2F752395%2F

Can you please find out when the fix for OpenJDK 1.7 would be available ? If this is getting delayed, can you help to back port this fix ?

Regards,
Shagun

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20180502/611b3556/attachment-0007.html>