Bug#803591: security-tracker: DSA-3381-1 vs. tracker
On Sat, Oct 31, 2015 at 04:52:01PM +0100, Francesco Poli (wintermute) wrote:
> Package: security-tracker
> Severity: normal
> Hello everybody!
> DSA-3381-1  states that several vulnerabilities are fixed in
> openjdk-7/7u85-2.6.1-5 for sid, but the tracker  claims that many
> of those vulnerabilities are only fixed in openjdk-7/7u85-2.6.1-6 .
> Is that a typo in the DSA or should the tracker data be updated?
openjdk-7/7u85-2.6.1-6 for unstable is correct, but there is actually
a problem with the jessie-security version. It's beeing worked on.
> Moreover the tracker claims  that one of the vulnerabilities
> (CVE-2015-4871) is unfixed in sid.
> Again: is the DSA wrong or should the tracker data be updated?
Thanks, corrected that one. It is Oracle Java specific, so have
adjusted the tracker information to mark it as not-affected.