oss-sec mailing list archives

Re: SpringShell and recent OpenJDK updates

From: Seth Arnold <seth.arnold () canonical com>
Date: Wed, 30 Mar 2022 20:11:36 +0000

On Wed, Mar 30, 2022 at 02:31:41PM -0400, Jeffrey Walton wrote:

I saw Ubuntu patched OpenJDK 11 recently. [1] Was that due to SpringShell? [2]

Or stepping back a bit, did the SpringShell folks work with distros?
Or did they really drop a 0-day?

[1] https://ubuntu.com/security/notices/USN-5313-2
[2] https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html


Hello Jeff, as far as I know, Ubuntu received no communication from
anyone about SpringShell. These are just bugfixes.

Thanks

Attachment: signature.asc
Description:

Current thread:

SpringShell and recent OpenJDK updates Jeffrey Walton (Mar 30)
- Re: SpringShell and recent OpenJDK updates Seth Arnold (Mar 30)
- Re: SpringShell and recent OpenJDK updates Alan Coopersmith (Mar 30)
  - Re: SpringShell and recent OpenJDK updates Kevin Decherf (Mar 31)