Short update:

One staff member told me that my options are to read the advisories,
which don't contain any detailed information or patches, or, if I have a
commercial license, to contact support. Great, let's buy a license to
get more information about security bugs.

So far the only viable option would be to upgrade to the latest upstream
release and backport that to Wheezy, Jessie and Stretch as well but I'm
not thrilled to maintain another Oracle-like Java package when it comes
to security bugs.


Attachment: signature.asc
Description: OpenPGP digital signature

This is the maintainer address of Debian's Java team
Please use for discussions and questions.

Reply via email to