reopen 559765 thanks On Mon, 07 Dec 2009 10:38:07 +0100, Niels Thykier wrote: > I found the upstream bug report[1] where upstream say they have fixed it > in 6.1.7 (and provide a fix for earlier versions as well) - I saw no > reason to doubt this.
changelog notes are not sufficient justification to close a security issue. the source needs to be checked against a patch, so please find a way to track that down. the easiest way is probably to just ask upstream. thanks. mike _______________________________________________ pkg-java-maintainers mailing list pkg-java-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers