java debian packages out of date please fix ASAP!
Manfred Moser
manfred at mosabuam.com
Mon Feb 21 23:53:11 UTC 2011
Wow... this a a bit rude to say the least. If you really need to be super
up to date you could
use the upstream package or maybe help with packaging or pay someone to do
it for you..
manfred
> Greetings,
>
>
> Both JRE and JDK package are out of date latest version is 1.6 update 24
> and your package is currently only on update 22. The latest version fixes
> eight very serious security bugs that do not require authentication in
> order to be exploited. Update 23 that was released even earlier before
> update 24 fixes a dangerous remote denial of service flaw that causes a
> JVM to go into an infinite loop just by sending a certain floating point
> number to the server. Its been 4 days since the latest critical update was
> released yet it still has not been updated. Considering that these
> exploits are very serious I would have expected these packages to be
> updated within 48 hours but this has not happened.
>
>
> This is NOT acceptable considering that almost all debian and ubuntu users
> rely on these packages to keep the offical oracle java JRE and JDK up to
> date via auto update.
>
>
> Please update these packages ASAP and keep a closer watch on oracle
> updates in future to make sure the vulnerable phase when users do not have
> the latest version is minimized.
>
>
> Thank you.
>
>
>
>
> __
> This is the maintainer address of Debian's Java team
> <http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers>.
> Please use
> debian-java at lists.debian.org for discussions and questions.
>
More information about the pkg-java-maintainers
mailing list