AW: Beginner's Question on Java Security Fixes
Maybe there is a misunderstanding. I am running Debian Wheezy, neither jessie nor sid. Certainly I want the best stability and security. Using Oracle's product, this would result in manually installing 7u21. But what if using openjdk-7-jre on wheezy? The version tag says it is 7u3, but I doubt that none of Oracle's fixes done between 7u3 and 7u21 is found in Wheezy. That's the problem I have. Everywhere Oracle says "since 7u21 it's safe", but I just cannot see whether this holds true for Wheezy's 7u3+?
Thanks!
-Markus
-----Ursprüngliche Nachricht-----
Von: paul.is.wise@gmail.com [mailto:paul.is.wise@gmail.com] Im Auftrag von Paul Wise
Gesendet: Mittwoch, 8. Mai 2013 07:57
An: debian-java@lists.debian.org
Betreff: Re: Beginner's Question on Java Security Fixes
On Wed, May 8, 2013 at 1:51 PM, Markus Karg wrote:
> Thank you for your kind answer. So this means there is no simple answer like e. g. "On Debian, openjdk-7-jre-2.x has the same security level than OpenJDK 7u21", but I have to check each single CVE, right?
In general, if you are running the upstream version that fixes the issues, then you have the same fixes, plus any issues fixed by Debian.
openjdk-7 7u21 is in jessie and sid, so if you are using openjdk-7 from there then you have the fixes from Oracle OpenJDK 7u21. openjdk-7
7u21 is not yet in wheezy though.
PS: I'm subscribed, no need to CC:
http://www.debian.org/MailingLists/#codeofconduct
--
bye,
pabs
http://wiki.debian.org/PaulWise
--
To UNSUBSCRIBE, email to debian-java-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] CAKTje6EqLU-_Uct-7CzLTrReRtNouRRm6eNrCGbFcpL=i=+2tQ@mail.gmail.com">http://lists.debian.org/[🔎] CAKTje6EqLU-_Uct-7CzLTrReRtNouRRm6eNrCGbFcpL=i=+2tQ@mail.gmail.com
Reply to: