On 07/27/2012 04:08 AM, Thijs Kinkhorst wrote:
>>> However, this is not a vulnerability, only extra hardening which is
>>> useful but not a vulnerability in itself. I'm therefore downgrading this
>>> bug to minor: the request to update the README.Debian.
>> Thank you for looking into this bug. I shouldn't have let this one go
>> for so long, but honestly, I'm not sure about the text to add to the
>> package readme.
>> Can you propose appropriate wording to add to README.Debian. Would it
>> be sufficient to reference the CVE and include a link (say, to )?
> See attached patch for a change to README.Debian. I've tested it and
> confirmed that it has the desired effect.
> Please apply it to the repository; I'm not sure that a separate upload to
> wheezy is warranted for this but if you're going to make an upload before
> the release please be sure to include this aswell.
Applied - thank you!
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.