Date: Tue, 14 Jul 2015 06:23:55 -0700 (PDT)
From: Roger Marquis
To: glewis@FreeBSD.org, jkim@FreeBSD.org, java@FreeBSD.org
Subject: JDK/JRE security question
List-Id: Porting Java to FreeBSD

Esteemed JDK maintainers,

Given all of the recent Java security news (not just javaws- or windows-related) it's surprising that the database does not show a FreeBSD jdk vulnerability for over 30 months.

Is this accurate? If so thank you for the excellent work (and thank you even if not for the excellent work). If it's not necessarily accurate and considering Oracle's EOL of Java 6 and 7, do you have any recommendations for updating vuln.xml?

Best,
Roger Marquis