Hi.
I have the following problem. We provide OpenJDK binary distro with our
product.
With the current version we provided JDK8u-b222
Customer comes with a list of CVEs and asks if they are fixed in distro, we
provided with our product.
For example he asks about cve-2014-3566, jre-vuln-cve-2017-3241(it is only
a part of the full list he asks about).
In the release note of b222 (
https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-July/009840.html) I
do not see any info about fixed CVEs.
Is there any way I figure out what is a full list of CVEs - fixed in
specific, or opposite - can I somehow know if some specific CVE fixed in
some build?
