> It is quite possible that sun-java6 is vulnerable to that CVE; I haven't > checked. The problem is that we cannot do anything about it as we do > not have permission to distribute updates for sun-java6[1]...
Thanks for the explanation. I understand this package has been dropped from testing and unstable. Is there a way other than the Mozilla blocklist to inform Squeeze users that they are running an insecure package? Since I'm running "stable" and this package is still present in the repository, I assumed it was still receiving security updates. Forgive me if this is a naive question, but should the package be removed from stable so users are not unwittingly given a false sense of security? Thanks, Kevin -- http://www.fastmail.fm - Send your email first class __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.