Le 27/05/2019 à 16:59, Thomas Stüfe a écrit : > Did you try to contact Debian folks to give them opportunity to fix > those security concerns before going public with them?
No he didn't, and I don't think he cares. I'd like to thank Aleksey Shipilev for bringing the issue in a constructive and civilized manner on the debian-java list. This led to the upload of OpenJDK 11.0.3+7 to the Debian 9 "Stretch" backport repository last week. Emmanuel Bourg
