On Jan 17, 2013, at 18:15 , Connie Sieh wrote:

> On Thu, 17 Jan 2013, Ken Teh wrote:
> 
>> What's the status of the java package that's installed on SL6x? java-1.6.0-openjdk.  Is it vulnerable to this java security flaw that made the national news this week?  Cyber is advising us to remove it but a lot of packages depend on it.  The biggie is LibreOffice.
> 
> I thought that the biggest issue was with Java 7 and not Java 6.


That's what I thought. In any case, removing the browser plugin (icedtea-web with openjdk) seems to be the most important step, and advisable wherever feasible. LibreOffice shouldn't depend on that.

A related question: Does anyone know whether openjdk6 will continue to be supported after the Oracle JDK6 end of service life?

-- 
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany