Bug#905215: CVE-2018-2941
Markus Koschany
apo at debian.org
Sun Oct 7 12:29:01 BST 2018
Am 07.10.18 um 13:16 schrieb Moritz Muehlenhoff:
[...]
> No, unfortunately it's the same "we fix, but don't tell" bullshit policy
> as with all other Oracle products.
>
> Given that mediathekview is our only reverse dependency in stretch we
> can probably mark it as ignored for stretch anyway?
>
> Cheers,
> Moritz
Ok. MediathekView in Stretch only uses JavaFX to create some better
integrated Panel messages or to improve performance. If I read the
advisory correctly CVE-2018-2941 affects Java Web Start or Java applets
but MediathekView is a desktop application and doesn't use those
classes, so I believe it cannot be exploited. Ignored for Stretch makes
sense.
Cheers,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20181007/4c367edd/attachment.sig>
More information about the pkg-java-maintainers
mailing list