[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#803591: security-tracker: DSA-3381-1 vs. tracker

Hi Francesco,

On Sat, Oct 31, 2015 at 04:52:01PM +0100, Francesco Poli (wintermute) wrote:
> Package: security-tracker
> Severity: normal
> Hello everybody!
> DSA-3381-1 [1] states that several vulnerabilities are fixed in
> openjdk-7/7u85-2.6.1-5 for sid, but the tracker [2] claims that many
> of those vulnerabilities are only fixed in openjdk-7/7u85-2.6.1-6 .
> Is that a typo in the DSA or should the tracker data be updated?

openjdk-7/7u85-2.6.1-6 for unstable is correct, but there is actually
a problem with the jessie-security version. It's beeing worked on.

> Moreover the tracker claims [3] that one of the vulnerabilities
> (CVE-2015-4871) is unfixed in sid.
> Again: is the DSA wrong or should the tracker data be updated?

Thanks, corrected that one. It is Oracle Java specific, so have
adjusted the tracker information to mark it as not-affected.


Reply to: