Subject: openjdk-6: wrong version in `changelog.Debian.gz` Package: openjdk-6 Version: 6b18-1.8.7-1 Severity: minor
Dear Debian folks,
in `changelog.Debian.gz` it says
openjdk-6 (6b18-1.8.7-1) unstable; urgency=medium
* IcedTea6 1.9.7 release.
- S6878713, CVE-2010-4469: Hotspot backward jsr heap
corruption.
- S6907662, CVE-2010-4465: Swing timer-based security manager
bypass.
- S6994263, CVE-2010-4472: Untrusted code allowed to replace
DSIG/C14N implementation.
- S6981922, CVE-2010-4448: DNS cache poisoning by untrusted
applets.
- S6983554, CVE-2010-4450: Launcher incorrect processing of
empty
library path entries.
- S6985453, CVE-2010-4471: Java2D font-related system
property leak.
- S6927050, CVE-2010-4470: JAXP untrusted component state
manipulation.
- CVE-2011-0706: Multiple signers privilege escalation.
* IcedTea6 1.9.6 release.
[…]
but I guess this has to be 1.8.{6,7} each time.
I wanted to submit a patch, but I could not find these lines in the directory
created by `debcheckout openjdk-6`.
Thanks,
Paul
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
signature.asc
Description: This is a digitally signed message part
