Re: OpenJDK vulnerability and best way to find status of package that remediates vulnerability for CentOS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Fri, Jul 31, 2020 at 12:04:52AM +0000, Boushy, Phillip wrote:
> 1. Is there a 11.0.8 update for java-11-openjdk-devel available for
> CentOS 7?

No, but it's in the process of being built and distributed.  It's been
released in RHEL and I suspect the GRUB2/shim/kernel security issue is
taking some priority right now.

> 2. Is there a page like Ubuntu's CVE Tracker site where it shows the
> CVE, the package name, and the status
> (e.g. https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14578.html)

Red Hat (CentOS's upsream) posts advisories for these sorts of things:

https://access.redhat.com/errata/RHSA-2020:2969

This is the security advisory for this package.  

> 3. If 2 is no, How can I look up the status of a package that has
> been released by upstream on CentOS? (e.g. it's been released in
> Upstream, it's available in CentOS, it's pending backport for CentOS
> 7) 

As I mentioned earlier, the Red Hat errata site is a good place to
look.  You can search for CVEs there too.  There's also a
RHSA-Announce mailing list if you'd prefer that they end up in your
mailbox:

https://www.redhat.com/mailman/listinfo/rhsa-announce

-- 
Jonathan Billings <billings@xxxxxxxxxx>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux