[Git][security-tracker-team/security-tracker][master] Consider CVE-2024-20926 as fixed as well for openjdk-21 series

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
199db6ac by Salvatore Bonaccorso at 2024-01-18T20:58:48+01:00
Consider CVE-2024-20926 as fixed as well for openjdk-21 series

That is actually not very clear, and reviewer please take a second look.
The CVE is not mentioned in the openjdk-21 and openjdk-17 changelogs.

openjdk-11 tracks it explicitly as:

       + JDK-8314284: Enhance Nashorn performance (CVE-2024-20926).

whereas that is not mentioned for openjdk-17, openjdk-21.

Link: https://www.oracle.com/security-alerts/cpujan2024.html

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -371,7 +371,7 @@ CVE-2024-20926 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
-	- openjdk-21 <unfixed>
+	- openjdk-21 21.0.2+13-1
 CVE-2024-20921
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.22+7-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/199db6acd08463208347eeb73d7dea561284c24a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/199db6acd08463208347eeb73d7dea561284c24a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240118/f7893d9f/attachment.htm>