On Wed, May 8, 2013 at 1:51 PM, Markus Karg wrote: > Thank you for your kind answer. So this means there is no simple answer like > e. g. "On Debian, openjdk-7-jre-2.x has the same security level than OpenJDK > 7u21", but I have to check each single CVE, right?
In general, if you are running the upstream version that fixes the issues, then you have the same fixes, plus any issues fixed by Debian. openjdk-7 7u21 is in jessie and sid, so if you are using openjdk-7 from there then you have the fixes from Oracle OpenJDK 7u21. openjdk-7 7u21 is not yet in wheezy though. PS: I'm subscribed, no need to CC: http://www.debian.org/MailingLists/#codeofconduct -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-java-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAKTje6EqLU-_Uct-7CzLTrReRtNouRRm6eNrCGbFcpL=i=+2...@mail.gmail.com
