freebsd security - Nov 2015 - java/openjdk8 and jre

On Fri, Nov 13, 2015, at 17:52, Robert Simmons wrote:
> Greetings,
> 
> The following security vulnerability bug was reported about a week ago.
> Can
> someone mark the ports as insecure, please?
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204269
>
This is really annoying. 8u72 won't be available until *January* ?!

http://openjdk.java.net/projects/jdk8u/releases/8u72.html

-- 
  Mark Felder
  ports-secteam member
  feld at FreeBSD.org

I don't see a problem with that. u65 is the security fix version and u66 is
a bugfix that includes u65. The openjdk project appears to have skipped
straight to u66 since both were released simultaneously.
>From Oracle's website: "Java SE 8u65 includes important security
fixes.
Oracle strongly recommends that all Java SE 8 users upgrade to this
release. Java SE 8u66 is a patch-set update, including all of 8u65 plus
additional features (described in the release notes)."

The openjdk website lists u66 as released.

On Sun, Nov 15, 2015 at 10:30 AM, Mark Felder <feld at freebsd.org> wrote:
>
>
> On Fri, Nov 13, 2015, at 17:52, Robert Simmons wrote:
> > Greetings,
> >
> > The following security vulnerability bug was reported about a week
ago.
> > Can
> > someone mark the ports as insecure, please?
> >
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204269
> >
>
> This is really annoying. 8u72 won't be available until *January* ?!
>
> http://openjdk.java.net/projects/jdk8u/releases/8u72.html
>
> --
>   Mark Felder
>   ports-secteam member
>   feld at FreeBSD.org
>