Thank you for your kind answer. So this means there is no simple answer like e. g. "On Debian, openjdk-7-jre-2.x has the same security level than OpenJDK 7u21", but I have to check each single CVE, right?
Thanks! -Markus -----Ursprüngliche Nachricht----- Von: paul.is.w...@gmail.com [mailto:paul.is.w...@gmail.com] Im Auftrag von Paul Wise Gesendet: Mittwoch, 8. Mai 2013 07:38 An: debian-java@lists.debian.org Betreff: Re: Beginner's Question on Java Security Fixes On Wed, May 8, 2013 at 1:20 PM, Markus Karg wrote: > While programming for more than 25 years (more than a decade with Java > SE / EE), I am still a beginner with Debian. So please don’t mind my > possibly stupid question: Looking at all the security fixes that > Oracle provides, I wonder how I can see what of these fixes are > contained in Debian? I mean, for example, Oracle’s latest security fix > was 7u21. Where can I see which version of Debian’s openjdk-7-jre > package reflects that particular fixes, or whether these are contained in > Debian at all? The general answer here is to look at the security tracker page for the source package: https://security-tracker.debian.org/tracker/source-package/openjdk-7 If the page is incorrect, it needs to be updated: https://security-tracker.debian.org/tracker/data/report You can see here which versions of openjdk-7 are included in Debian: http://packages.debian.org/src:openjdk-7 http://packages.qa.debian.org/o/openjdk-7.html -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-java-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAKTje6HS4_tw2FmD_HJ70899bjdrEh-g=firbz5dnzj...@mail.gmail.com
