security support for openjdk in debian has always been a bit flaky. packages in
edgy were not updated anymore, and updates to squeeze come late. So the
"support" from Oracle was/is not used by the security team even when the
security updates from Oracle are available. Certainly the situation doesn't get
better, if Oracle's support is limited to openjdk7 only, however there should be
the possibility to backport the patches to openjdk6, which will get harder, the
more the hotspot version diverges in newer openjdk7 builds.
Now downgrading the severity to let the current, still supported openjdk update
openjdk7 would be something nice to have, because it seems to build on kfreebsd
as well (at least when building on a wheezy installation), but there are still
some things not yet ported to 7.
To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org