[Git][security-tracker-team/security-tracker][master] new Java issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd175d00 by Moritz Muehlenhoff at 2026-01-21T10:28:22+01:00
new Java issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -98,11 +98,15 @@ CVE-2026-21949 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2026-21948 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	TODO: check
 CVE-2026-21947 (Vulnerability in Oracle Java SE (component: JavaFX).  Supported versio ...)
-	TODO: check
+	- openjfx <not-affected> (Only affects JavaFX 8)
 CVE-2026-21946 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
 	NOT-FOR-US: Oracle
 CVE-2026-21945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	TODO: check
+	- openjdk-8 <unfixed>
+	- openjdk-11 <unfixed>
+	- openjdk-17 <unfixed>
+	- openjdk-21 <unfixed>
+	- openjdk-25 <unfixed>
 CVE-2026-21944 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
 	TODO: check
 CVE-2026-21943 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
@@ -126,9 +130,17 @@ CVE-2026-21935 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
 CVE-2026-21934 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2026-21933 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	TODO: check
+	- openjdk-8 <unfixed>
+	- openjdk-11 <unfixed>
+	- openjdk-17 <unfixed>
+	- openjdk-21 <unfixed>
+	- openjdk-25 <unfixed>
 CVE-2026-21932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	TODO: check
+	- openjdk-8 <unfixed>
+	- openjdk-11 <unfixed>
+	- openjdk-17 <unfixed>
+	- openjdk-21 <unfixed>
+	- openjdk-25 <unfixed>
 CVE-2026-21931 (Vulnerability in the Oracle APEX Sample Applications product of Oracle ...)
 	TODO: check
 CVE-2026-21930 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
@@ -142,7 +154,11 @@ CVE-2026-21927 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
 CVE-2026-21926 (Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CR ...)
 	TODO: check
 CVE-2026-21925 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	TODO: check
+	- openjdk-8 <unfixed>
+	- openjdk-11 <unfixed>
+	- openjdk-17 <unfixed>
+	- openjdk-21 <unfixed>
+	- openjdk-25 <unfixed>
 CVE-2026-21924 (Vulnerability in the Oracle Utilities Application Framework product of ...)
 	TODO: check
 CVE-2026-21923 (Vulnerability in the Oracle Life Sciences Central Designer product of  ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -49,6 +49,10 @@ node-tar
 --
 nodejs
 --
+openjdk-17 (jmm)
+--
+openjdk-21/stable (jmm)
+--
 opennds/oldstable
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd175d00366328e3cde7eb180f782a09f3f4ef4d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd175d00366328e3cde7eb180f782a09f3f4ef4d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260121/5bf35f9b/attachment.htm>