Re: OpenJDK vulnerability and best way to find status of package that remediates vulnerability for CentOS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Am 31.07.20 um 02:04 schrieb Boushy, Phillip:
I have a docker image based off centos:7 with java-11-openjdk-devel.

It appears that the current java-11-openjdk-devel available in the CentOS 7 Yum repo is 1:11.0.7.10-4.el7_8

11.0.7 is reported to have some high vulnerabilities  RHSA-2020:2969 that are fixed in 11.0.8, but 11.0.8 is not available for CentOS 7.

1. Is there a 11.0.8 update for java-11-openjdk-devel available for CentOS 7?
2. Is there a page like Ubuntu's CVE Tracker site where it shows the CVE, the package name, and the status (e.g. https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14578.html)
3. If 2 is no, How can I look up the status of a package that has been released by upstream on CentOS? (e.g. it's been released in Upstream, it's available in CentOS, it's pending backport for CentOS 7)



https://lists.centos.org/pipermail/centos-announce/

https://git.centos.org/rpms/java-11-openjdk/releases

--
Leon

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux