Is sun-java6 6.26-0squeeze1 vulnerable to CVE-2012-1723?
Kevin
kevin40 at fastmail.fm
Tue Aug 14 21:36:09 UTC 2012
> It is quite possible that sun-java6 is vulnerable to that CVE; I haven't
> checked. The problem is that we cannot do anything about it as we do
> not have permission to distribute updates for sun-java6[1]...
Thanks for the explanation. I understand this package has been dropped
from testing and unstable. Is there a way other than the Mozilla blocklist
to inform Squeeze users that they are running an insecure package? Since
I'm running "stable" and this package is still present in the repository,
I assumed it was still receiving security updates.
Forgive me if this is a naive question, but should the package be removed
from stable so users are not unwittingly given a false sense of security?
Thanks,
Kevin
--
http://www.fastmail.fm - Send your email first class
More information about the pkg-java-maintainers
mailing list