Debian Package Tracker

general

source: openjfx (main)
version: 11.0.1+1-1
maintainer: Debian Java Maintainers (archive) [DMD]
uploaders: Emmanuel Bourg [DMD]
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 8u102-b14-1~bpo8+1
stable: 8u111-b14-1
stable-sec: 8u141-b14-3~deb9u1
testing: 11.0.1+1-1
unstable: 11.0.1+1-1

versioned links

8u102-b14-1~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8u111-b14-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
8u141-b14-3~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.0.1+1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libopenjfx-java
libopenjfx-java-doc
libopenjfx-jni
openjfx
openjfx-source

action needed

A new upstream version is available: 11.0.2+1 high

A new upstream version 11.0.2+1 is available, you should consider packaging it.

Created: 2019-01-18 Last update: 2019-01-20 15:09

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2018-3209: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Please fix it.

Created: 2018-10-31 Last update: 2018-12-16 12:35

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2018-3209: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Please fix it.

Created: 2018-10-17 Last update: 2018-12-16 12:35

5 new commits since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 11.0.2+1-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit dc6a920221e2fe9117489ce466cec6b8a99abbed
Author: Emmanuel Bourg <ebourg@apache.org>
Date:   Sun Jan 20 16:25:34 2019 +0100

    Upload to unstable

commit 375e7f760df214113e55e9f729fab4cf22649041
Author: Emmanuel Bourg <ebourg@apache.org>
Date:   Sun Jan 20 16:24:50 2019 +0100

    Standards-Version updated to 4.3.0

commit d0ab4ffdc9e51bfd08273fa9177f7e84ef04f5f8
Author: Emmanuel Bourg <ebourg@apache.org>
Date:   Sun Jan 20 16:24:36 2019 +0100

    Refreshed the patches

commit 6c7c238ea1e3fb7c183863a7a494b00c766d69ae
Merge: 3f40fca12 dfca0542a
Author: Emmanuel Bourg <ebourg@apache.org>
Date:   Sun Jan 20 00:19:48 2019 +0100

    Update upstream source from tag 'upstream/11.0.2+1'
    
    Update to upstream version '11.0.2+1'
    with Debian dir caf3e673dbfb65c96581a1565f3ae5280663f091

commit dfca0542a95b41a84c1d54bdc54317295d950837
Author: Emmanuel Bourg <ebourg@apache.org>
Date:   Sun Jan 20 00:18:27 2019 +0100

    New upstream version 11.0.2+1

Created: 2019-01-20 Last update: 2019-01-20 16:46

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-11-04 Last update: 2019-01-20 15:05

Multiarch hinter reports 4 issue(s) normal

There are issues with the multiarch metadata for this package.

libopenjfx-java-doc could be marked Multi-Arch: foreign
openjfx-source could be marked Multi-Arch: foreign
libopenjfx-jni could be marked Multi-Arch: same
openjfx could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2019-01-20 14:21

lintian reports 13 warnings normal

Lintian reports 13 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-10-12 Last update: 2018-12-05 04:50

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2018-2941: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVE-2018-2581: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).
CVE-2018-3209: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Please fix them.

Created: 2018-01-17 Last update: 2018-12-16 12:35

Build log checks report 3 warnings low

Build log checks report 3 warnings

Created: 2018-10-04 Last update: 2018-10-04 03:13

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2018-12-23 17:15

news

[rss feed]

[2019-01-20] Accepted openjfx 11.0.2+1-1 (source) into unstable (Emmanuel Bourg)
[2018-12-17] openjfx 11.0.1+1-1 MIGRATED to testing (Debian testing watch)
[2018-12-04] Accepted openjfx 11.0.1+1-1 (source) into unstable (Emmanuel Bourg)
[2018-11-01] openjfx 11+26-5 MIGRATED to testing (Debian testing watch)
[2018-10-19] Accepted openjfx 11+26-5 (source) into unstable (Frédéric Bonnard)
[2018-10-10] Accepted openjfx 11+26-4 (source) into unstable (Markus Koschany)
[2018-10-07] Accepted openjfx 11+26-3 (source) into unstable (Markus Koschany)
[2018-10-06] Accepted openjfx 11+26-2 (source) into unstable (Emmanuel Bourg) (signed by: Markus Koschany)
[2018-10-03] Accepted openjfx 11+26-1 (source) into unstable (Emmanuel Bourg)
[2018-06-12] Accepted openjfx 8u171-b11-2 (source) into unstable (Emmanuel Bourg)
[2018-06-11] Accepted openjfx 8u171-b11-1 (source) into unstable (Emmanuel Bourg)
[2018-04-28] openjfx REMOVED from testing (Debian testing watch)
[2018-04-04] Accepted openjfx 8u161-b12-1 (source) into unstable (Emmanuel Bourg)
[2017-10-22] Accepted openjfx 8u151-b12-1 (source) into unstable (Emmanuel Bourg)
[2017-10-11] openjfx 8u141-b14-3 MIGRATED to testing (Debian testing watch)
[2017-10-06] Accepted openjfx 8u141-b14-3 (source) into unstable (Emmanuel Bourg)
[2017-10-04] Accepted openjfx 8u141-b14-2 (source) into unstable (Emmanuel Bourg)
[2017-10-04] Accepted openjfx 8u141-b14-1 (source) into unstable (Emmanuel Bourg)
[2017-04-19] Accepted openjfx 8u131-b11-2 (source) into unstable (Emmanuel Bourg)
[2017-04-19] Accepted openjfx 8u131-b11-1 (source) into unstable (Emmanuel Bourg)
[2017-01-25] Accepted openjfx 8u121-b13-2 (source) into unstable (Emmanuel Bourg)
[2017-01-24] Accepted openjfx 8u121-b13-1 (source) into unstable (Emmanuel Bourg)
[2016-11-30] openjfx 8u111-b14-1 MIGRATED to testing (Debian testing watch)
[2016-11-24] Accepted openjfx 8u111-b14-1 (source all amd64) into unstable (Emmanuel Bourg)
[2016-10-25] Accepted openjfx 8u102-b14-1~bpo8+1 (source amd64 all) into jessie-backports (Emmanuel Bourg)
[2016-08-01] openjfx 8u102-b14-1 MIGRATED to testing (Debian testing watch)
[2016-07-26] Accepted openjfx 8u102-b14-1 (source) into unstable (Emmanuel Bourg)
[2016-05-17] Accepted openjfx 8u91-b14-1~bpo8+1 (source amd64 all) into jessie-backports (Emmanuel Bourg)
[2016-05-17] openjfx 8u91-b14-1 MIGRATED to testing (Debian testing watch)
[2016-05-07] Accepted openjfx 8u91-b14-1 (source all amd64) into unstable (Emmanuel Bourg)

bugs [bug history graph]

all: 3
RC: 0
I&N: 3
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 13)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 11.0.1+1-1
3 bugs