Date: Mon, 16 Nov 2015 00:00:46 -0500 From: Robert Simmons <rsimmons0@gmail.com> To: freebsd-security@freebsd.org Cc: "ports-secteam@freebsd.org" <ports-secteam@freebsd.org> Subject: Re: java/openjdk8 and jre Message-ID: <CA%2BQLa9C8NQmvPigDheo2Zbtq5zhbvnOCRbkxnqF4Q-rDQ7vG3w@mail.gmail.com> In-Reply-To: <1447601433.2163074.440262121.5DEBCEDD@webmail.messagingengine.com> References: <CA%2BQLa9DB5iMAeRDHHUYDg7Jk=7fyfY0T4HTY%2BKDTVRckYjXO5Q@mail.gmail.com> <1447601433.2163074.440262121.5DEBCEDD@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't see a problem with that. u65 is the security fix version and u66 is a bugfix that includes u65. The openjdk project appears to have skipped straight to u66 since both were released simultaneously. >From Oracle's website: "Java SE 8u65 includes important security fixes. Oracle strongly recommends that all Java SE 8 users upgrade to this release. Java SE 8u66 is a patch-set update, including all of 8u65 plus additional features (described in the release notes)." The openjdk website lists u66 as released. On Sun, Nov 15, 2015 at 10:30 AM, Mark Felder <feld@freebsd.org> wrote: > > > On Fri, Nov 13, 2015, at 17:52, Robert Simmons wrote: > > Greetings, > > > > The following security vulnerability bug was reported about a week ago. > > Can > > someone mark the ports as insecure, please? > > > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204269 > > > > This is really annoying. 8u72 won't be available until *January* ?! > > http://openjdk.java.net/projects/jdk8u/releases/8u72.html > > -- > Mark Felder > ports-secteam member > feld@FreeBSD.org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BQLa9C8NQmvPigDheo2Zbtq5zhbvnOCRbkxnqF4Q-rDQ7vG3w>