tags 559765 + wontfix thanks On Mon, Dec 7, 2009 at 5:10 PM, Michael Gilbert <[email protected]> wrote: > changelog notes are not sufficient justification to close a security > issue. the source needs to be checked against a patch, so please find a > way to track that down. the easiest way is probably to just ask > upstream. thanks.
No, I think it is your duty as the bug reporter to prove that the package is still vulnerable. Torsten _______________________________________________ pkg-java-maintainers mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
