http://www.securityfocus.com/bid/7109 says Sun's JRE and Java SDKs versions
less than 1.4.1_02 are vulnerable as well as IBM's JDK.
The BID seems to indicate the vulnerability is in java.util.zip
I'm not sure which versions of Java JRE's and SDKs are in Debian, but it
seems to me that in Contrib there's an IBM JDK installer that might install
an affected version.
Can someone check into these? Don't contact [EMAIL PROTECTED] until
you are confident that stable or oldstable is affected.
Drew Daniels
