>Date: Sat, 26 Sep 2020 00:13:06 +1000 > > From: David Holmes <david.hol...@oracle.com> > > To: Moshe Zuisman <zuism...@gmail.com> > > Cc: build-dev@openjdk.java.net > > Subject: Re: cve-2014-3566 cve-2014-6593 in OPEN JDK 8 > > Message-ID: <63142641-ca33-8ed5-6da6-9c8bbb2c5...@oracle.com> > > Content-Type: text/plain; charset=utf-8; format=flowed > > > On 25/09/2020 10:28 pm, Moshe Zuisman wrote: > > > Hi David. Do this Vulnerability group have some their own forum, mail > > > list or other place - they can be contacted? > > > I assumed they did have but it seems not :( > > > https://openjdk.java.net/groups/vulnerability/ > <https://openjdk.java.net/groups/vulnerability/> > > > The only mailing list they have that you can post to is for > > vulnerability reports. > > > I suspect you have to pick an OpenJDK distributor and then ask them > > about this, rather than trying to find out generically what "version of > > OpenJDK" contains a given fix. I'm pretty sure that we don't record CVE > > details when such fixes get integrated. > > > David > > ----- > > Hi David. Thanks for your help!