Bug#1093878: Q about 8u442 applicability of JDK-8330045 (Enhance array handling) / CVE-2025-21502
David Holmes
david.holmes at oracle.com
Mon Feb 10 04:49:10 GMT 2025
On 10/02/2025 5:32 am, Thorsten Glaser wrote:
> Hi,
>
> I’ve got this report against openjdk-8 in Debian about CVE-2025-21502
> and I cannot find whether this even affects openjdk-8 at all, nor if
> it’s fixed in 8u442.
>
> There are links to commits in 21/17/11 and a page saying Oracle’s
> 8u431-perf is affected with the fix in 8u441-perf, but without a
> link to a commit saying so ☹
8u-perf is an Oracle product. You won't find any links to commits for it.
>
> I also cannot read JDK-8330045 (wants a login, in contrast to the
> other JDK-####### bugs I peeked into).
>
> So, what’s the state of this?
The entry here lists all the affected versions:
https://www.oracle.com/security-alerts/cpujan2025.html
David
-----
> Thanks in advance,
> //mirabilos
More information about the pkg-java-maintainers
mailing list