----- Original Message ----- > On 02/11/2013 05:23 PM, Linda Jacobson wrote: > > Hello, > > Will someone on this email list please answer these questions: > > 1. Oracle recently (2/1) released an emergency update to java > > se > > 7, that fixed most open security issues. Since openjdk is the > > reference > > implementation for Java SE, does this mean that all updates are > > entered > > into openjdk first? > > Not necessarily. > For this recent update: 1. Oracle released their update on Friday, February the 1st. 2. The updates were not pushed to OpenJDK7 until about the same time the following Friday (the 8th). 3. The updates are still not available in OpenJDK6. > > 2. Red Hat released a new version of openjdk 6, that fixed > > "many" > > security bugs, as well as other issues. Does it fix all the ones > > fixed > > by Oracle? The security holes are the same in openjdk 6 and > > openjdk 7. > > 3. What is the current status of openjdk 7, with respect to > > the > > documented security vulnerabilities? > > We fixed the vulnerabilities in > http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html#AppendixJAVA > This list also includes security fixes applicable to elements only included in Oracle's proprietary releases, such as JavaFX. The shorter list for OpenJDK 6 is available on http://blog.fuseyism.com/index.php/2013/02/03/security-icedtea6-1-11-6-released/ I'll be posting one for 7 later today now all regressions seem to finally be resolved. The list is mostly the same, but there are a few fixes unique to 7. > > 4. How do Red Hat and Oracle interact with respect to openjdk > > releases, since I thought openjdk had its own people controlling > > releases? > > We get patches from Oracle's support people and apply them to Fedora > packages. > > OpenJDK doesn't have any separate staff. Oracle, Red Hat, and others > work > on OpenJDK. > > Andrew. > > -- > java-devel mailing list > java-devel@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/java-devel -- Andrew :) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07 -- java-devel mailing list java-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/java-devel
