On Sun, Oct 07, 2018 at 01:04:38PM +0200, Markus Koschany wrote:
> Hi,
>
> On Wed, 01 Aug 2018 16:45:30 +0200 Moritz Muehlenhoff <j...@debian.org>
> wrote:
> > Source: openjfx
> > Severity: grave
> > Tags: security
> >
> > http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
> > fixed CVE-2018-2941 in JavaFX, which should affect our openjfx package.
>
> We have recently upgraded OpenJFX to version 11. It is not listed as a
> vulnerable version in Oracle's security advisory. I presume if it has
> been vulnerable they would have fixed it in OpenJFX 11 too by now. Do
> you have more information about this vulnerability because I can't find
> any details on the web.
No, unfortunately it's the same "we fix, but don't tell" bullshit policy
as with all other Oracle products.
Given that mediathekview is our only reverse dependency in stretch we
can probably mark it as ignored for stretch anyway?
Cheers,
Moritz
