Maybe there is a misunderstanding. I am running Debian Wheezy, neither jessie nor sid. Certainly I want the best stability and security. Using Oracle's product, this would result in manually installing 7u21. But what if using openjdk-7-jre on wheezy? The version tag says it is 7u3, but I doubt that none of Oracle's fixes done between 7u3 and 7u21 is found in Wheezy. That's the problem I have. Everywhere Oracle says "since 7u21 it's safe", but I just cannot see whether this holds true for Wheezy's 7u3+?
Thanks! -Markus -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[email protected]] Im Auftrag von Paul Wise Gesendet: Mittwoch, 8. Mai 2013 07:57 An: [email protected] Betreff: Re: Beginner's Question on Java Security Fixes On Wed, May 8, 2013 at 1:51 PM, Markus Karg wrote: > Thank you for your kind answer. So this means there is no simple answer like > e. g. "On Debian, openjdk-7-jre-2.x has the same security level than OpenJDK > 7u21", but I have to check each single CVE, right? In general, if you are running the upstream version that fixes the issues, then you have the same fixes, plus any issues fixed by Debian. openjdk-7 7u21 is in jessie and sid, so if you are using openjdk-7 from there then you have the fixes from Oracle OpenJDK 7u21. openjdk-7 7u21 is not yet in wheezy though. PS: I'm subscribed, no need to CC: http://www.debian.org/MailingLists/#codeofconduct -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAKTje6EqLU-_Uct-7CzLTrReRtNouRRm6eNrCGbFcpL=i=+2...@mail.gmail.com
