Hi Francesco, On Sat, Oct 31, 2015 at 04:52:01PM +0100, Francesco Poli (wintermute) wrote: > Package: security-tracker > Severity: normal > > Hello everybody! > > DSA-3381-1 [1] states that several vulnerabilities are fixed in > openjdk-7/7u85-2.6.1-5 for sid, but the tracker [2] claims that many > of those vulnerabilities are only fixed in openjdk-7/7u85-2.6.1-6 . > Is that a typo in the DSA or should the tracker data be updated?
openjdk-7/7u85-2.6.1-6 for unstable is correct, but there is actually a problem with the jessie-security version. It's beeing worked on. > Moreover the tracker claims [3] that one of the vulnerabilities > (CVE-2015-4871) is unfixed in sid. > Again: is the DSA wrong or should the tracker data be updated? Thanks, corrected that one. It is Oracle Java specific, so have adjusted the tracker information to mark it as not-affected. Regards, Salvatore