Mark H Weaver <m...@netris.org> writes: > Can someone familiar with our Java packages please investigate and apply > any needed security updates? > > https://www.debian.org/security/2016/dsa-3465
There hasn’t been any new IcedTea release beyond what we offer in Guix. According to the release announcements for the two latest IcedTea releases 1.13.10 and 2.6.4 the vulnerabilities have already been addressed (and more than those listed in the Debian security advisory). Here’s the list of the security vulnerabilities listed in the advisory followed by the version of IcedTea in which they are fixed: CVE-2015-7575 (2.6.4) CVE-2016-0402 (1.13.10 and 2.6.4) CVE-2016-0448 (1.13.10 and 2.6.4) CVE-2016-0466 (1.13.10 and 2.6.4) CVE-2016-0483 (1.13.10 and 2.6.4) CVE-2016-0494 (1.13.10 and 2.6.4) Only CVE-2015-7575 is not mentioned in the release announcement for 1.13.10. I don’t know if this affects 1.13.10. ~~ Ricardo