java debian packages out of date please fix ASAP!

UNDERNET AI under_netai at hotmail.com
Mon Feb 21 19:06:48 UTC 2011


Greetings,


Both the JRE and JDK packages are out of date: the latest version is 1.6 update 24 and your package is currently only on update 22. The latest version fixes eight very serious security bugs that do not require authentication in order to be exploited. Update 23, which was released even earlier, before update 24, fixes a dangerous remote denial of service flaw that causes a JVM to go into an infinite loop just by sending a certain floating point number to the server. It's been 4 days since the latest critical update was released, yet it still has not been updated. Considering that these exploits are very serious, I would have expected these packages to be updated within 48 hours, but this has not happened.


This is NOT acceptable, considering that almost all Debian and Ubuntu users rely on these packages to keep the official Oracle Java JRE and JDK up to date via auto update.


Please update these packages ASAP and keep a closer watch on Oracle updates in future to make sure the vulnerable phase when users do not have the latest version is minimized.


Thank you.




 		 	   		  