The security tracker still shows openjdk-6 as "needs to be checked", e.g.: http://security-tracker.debian.org/tracker/CVE-2011-0872
OTOH, Ubuntu has issued a Security Notice for openjdk-6 on June 17: http://www.ubuntu.com/usn/usn-1154-1/ So I should assume the Debian stable package to be vulnerable? Cheers Harry -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org