control: reopen -1 > the references point to Oracle products, not OpenJDK.
Oracle java is effectively openjdk, so there is every reason to believe these issues affect it. It may take some research to track it all down, but that's how it goes with security problems. It's never easy. Sorry. > Another helpful report > from the Debian security team, like keeping long fixed security issues open > [1]. > [1] http://security-tracker.debian.org/tracker/source-package/openjdk-6 The security team has lots of other issues to deal with. You're responsible for this package and those problems should either be checked and fixed, or openjdk should get a blurb in the release notes about being impossible to provide security support. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org