Q about 8u442 applicability of JDK-8330045 (Enhance array handling) / CVE-2025-21502
David Holmes
david.holmes at oracle.com
Tue Feb 11 09:05:24 UTC 2025
On 10/02/2025 3:04 pm, Thorsten Glaser wrote:
> On Mon, 10 Feb 2025, David Holmes wrote:
>
>> 8u-perf is an Oracle product. You won't find any links to commits for it.
>
> Guess so.
>
>>> I also cannot read JDK-8330045 (wants a login, in contrast to the
>>> other JDK-####### bugs I peeked into).
>>>
>>> So, what’s the state of this?
>>
>> The entry here lists all the affected versions:
>>
>> https://www.oracle.com/security-alerts/cpujan2025.html
>
> It doesn’t, it doesn’t list OpenJDK after all, and I know that at
> least some OpenJDK versions are affected.
If you want to know if an OpenJDK distribution is affected you should
ask the organisation distributing it. I pointed you to the information
for Oracle JDK.
If you want to know if the fix is in an OpenJDK source repository then
use "git log" to search for it.
David
> bye,
> //mirabilos
More information about the jdk8u-dev
mailing list