openjdk team mailing list archive

[Paul Menzel <pm.debian@xxxxxxxxxxxxxx>]

Subject: openjdk-6: wrong version in `changelog.Debian.gz`
Package: openjdk-6
Version: 6b18-1.8.7-1
Severity: minor

Dear Debian folks,


in `changelog.Debian.gz` it says 

	openjdk-6 (6b18-1.8.7-1) unstable; urgency=medium

		* IcedTea6 1.9.7 release.
		  - S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption.
		  - S6907662, CVE-2010-4465: Swing timer-based security manager bypass.
		  - S6994263, CVE-2010-4472: Untrusted code allowed to replace
		    DSIG/C14N implementation.
		  - S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets.
		  - S6983554, CVE-2010-4450: Launcher incorrect processing of empty
		    library path entries.
		  - S6985453, CVE-2010-4471: Java2D font-related system property leak.
		  - S6927050, CVE-2010-4470: JAXP untrusted component state manipulation.
		  - CVE-2011-0706: Multiple signers privilege escalation.

		* IcedTea6 1.9.6 release.
	[…]

but I guess this has to be 1.8.{6,7} each time.

I wanted to submit a patch, but I could not find these lines in the directory created by `debcheckout openjdk-6`.


Thanks,

Paul

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Attachment: signature.asc
Description: This is a digitally signed message part