CVE-2017-10135 log

Source
Severity Low
Remote Yes
Type Private key recovery
Description
A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel.
Group Package Affected Fixed Severity Status Ticket
AVG-380 jdk7-openjdk 7.u131_2.6.9-1 7.u151_2.6.11-1 Critical Fixed
Date Advisory Group Package Severity Type
12 Aug 2017 ASA-201708-8 AVG-380 jdk7-openjdk Critical multiple issues
References
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/079cd6c5de27