On 03/05/2013 12:51 PM, Johnny Hughes wrote: > On 03/05/2013 12:49 PM, m.roth at 5-cent.us wrote: >> Johnny Hughes wrote: >>> On 03/05/2013 11:51 AM, m.roth at 5-cent.us wrote: >>>> I see there's a release today or so from Oracle of a new zero-day >>>> vulnerability. Any idea how soon we'll have an update? >>>> >>>> <https://threatpost.com/en_us/blogs/oracle-rushes-emergency-java-update-patch-mcrat-vulnerabilities-030413> >>>> >>> As soon as redhat releases one? >> Figured that - just wondered if y'all had heard anything. >> >> For that matter, I tried following the CSV, and can't find more info on >> the NIST site - trying to figure out if it *only* affects Oracle's java, >> or openjdk also. >> > It impacts both: > > https://bugzilla.redhat.com/show_bug.cgi?id=917553 Note: That means (1) We're on it :D , and (2) When this is released for CentOS-6.x it will initially be in 6.3/CR repo if 6.4 is not released yet or 6.4/updates if 6.4 is released. CentOS-5.9 will just get the update released normally into 5.9/updates. When will CentOS-6.4 be released ... soon :) When is soon ... I would expect sometime before Friday, March 8th (or very close to that date). -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20130305/54a06db3/attachment-0005.sig>