Hi, Le jeudi 30 juin 2011 18:20:03, Harald Staub a écrit : > The security tracker still shows openjdk-6 as "needs to be checked", e.g.: > http://security-tracker.debian.org/tracker/CVE-2011-0872 > > OTOH, Ubuntu has issued a Security Notice for openjdk-6 on June 17: > http://www.ubuntu.com/usn/usn-1154-1/ > > So I should assume the Debian stable package to be vulnerable?
Ubuntu had just released a new upstream security release of IcedTea [0] which aggregate multiple security bugfixes from Oracle. It's not a specific security release for this bug. From RedHat bugtracket [1] and from IcedTea [2] repository, this issues seems only related to Windows handling of selector (and only windows files are touched by this patch). So this particular security issue doesn't need an urgent upload for openjdk-6. [0] http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011- June/014607.html [1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0872 [2] http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/8d393fbff5d3/patches/security/20110607/6213702.patch Cheers, -- Damien - Debian Developper http://wiki.debian.org/DamienRaudeMorvan -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
