Boushy, Phillip
2020-Jul-31 17:45 UTC
[CentOS] OpenJDK vulnerability and best way to find status of package that remediates vulnerability for CentOS
>> 2. Is there a page like Ubuntu's CVE Tracker site where it shows the
>> CVE, the package name, and the status
>
> Red Hat (CentOS's upstream) posts advisories for these sorts of things:
>
> https://access.redhat.com/errata/RHSA-2020:2969
>
> This is the security advisory for this package.

Yeah, I found this page cause harbor even links these, I apparently left out the important piece in this question "and the status per OS" - e.g. CentOS 7 "pending", CentOS 8 "released"

I'm guessing there's not a central place?

>> 3. If 2 is no, How can I look up the status of a package that has
>> been released by upstream on CentOS? (e.g. it's been released in
>> Upstream, it's available in CentOS, it's pending backport for CentOS 7)
>
> As I mentioned earlier, the Red Hat errata site is a good place to
> look. You can search for CVEs there too.

This doesn't show the more critical piece though: "What is the status of the package being released per CentOS?"

Leon mentioned:

> https://git.centos.org/rpms/java-11-openjdk/releases

Which (assuming I'm reading this right) seems like 11.0.8 was released for CentOS 7 15 days ago...?

c7 = CentOS 7

But 11.0.8 isn't in the YUM repo, so that doesn't seem accurate.

I'm trying to find out "Ok, it's been released for CentOS 8, what's the status of CentOS 7 - is it not vulnerable? Is it deferred? Is it pending?"

Essentially I want to find out how you know that "No, but it's in the process of being built and distributed." - cause I can't tell that based on any info I've found so far.