The security tracker still shows openjdk-6 as "needs to be checked", e.g.: http://security-tracker.debian.org/tracker/CVE-2011-0872
OTOH, Ubuntu has issued a Security Notice for openjdk-6 on June 17: http://www.ubuntu.com/usn/usn-1154-1/ So I should assume the Debian stable package to be vulnerable? Cheers Harry __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
