The recent severe security flaw discovered in Oracle Java (https://blogs.oracle.com/java/entry/jav ... _addressed) that allows the possible installation of "ransomware" has been addressed by the release of Java SE Update 11.
Is IcedTea Java and the other Java tools and accessories in Debian subject to this security flaw and, if so, has there been any announcement about when a fix for the same might become available.
The common advice of "it's best to disable Java entirely" seems a bit unworkable unless you just don't often browse the Web!
With NoScript installed I feel safer, but have not yet had the time to explore the internals of this vulnerability so I may be "whistling past the graveyard".
Anyone know the facts on this? Thanks much!