Err... 6.24-1 has been available in the archive since February 16th [1]. (Personally, I applaud Sylvestre for the quick turn-around.) It takes slightly longer for the updated package to make it into stable, as Debian is a 100% volunteer organization and the security releases for stable must be coordinated amongst several teams.
However, there is nothing preventing you from either installing the packages from testing on your stable system (I don't see anything in the Depends that should cause an issue on squeeze). Or, you can easily pull the sources from either testing or unstable and building a binary package for your desired target platform. (I just did a build in a squeeze chroot and it took about 10 minutes, including downloading the sources.) Alternatively, if you'd like *unofficial* packages built inside a squeeze chroot, you fetch the i386 versions of the packages from here [2]. Email me privately if you want to go this route and need amd64. You can always review the current status of the sun-java6 packages across all of the Debian releases here [3]. tony [1] http://packages.qa.debian.org/s/sun-java6/news/20110216T113253Z.html [2] http://people.debian.org/~tmancill/ [3] http://packages.qa.debian.org/s/sun-java6.html On 02/21/2011 11:06 AM, UNDERNET AI wrote: > Greetings, > > > Both JRE and JDK package are out of date latest version is 1.6 update 24 > and your package is currently only on update 22. The latest version > fixes eight very serious security bugs that do not require > authentication in order to be exploited. Update 23 that was released > even earlier before update 24 fixes a dangerous remote denial of service > flaw that causes a JVM to go into an infinite loop just by sending a > certain floating point number to the server. Its been 4 days since the > latest critical update was released yet it still has not been updated. > Considering that these exploits are very serious I would have expected > these packages to be updated within 48 hours but this has not happened. > > > This is NOT acceptable considering that almost all debian and ubuntu > users rely on these packages to keep the offical oracle java JRE and JDK > up to date via auto update. > > > Please update these packages ASAP and keep a closer watch on oracle > updates in future to make sure the vulnerable phase when users do not > have the latest version is minimized. >
signature.asc
Description: OpenPGP digital signature
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.