cannot see evidence of security fixes after upgrade of openjdk package
I want to see CVE listed as fixes or backports after i upgraded java-1.6-openjdk but i am only seeing some few ones and quite old.
i have upgraded my openjdk to the latest package and used the command rpm -q java-1-6-openjdk --changelog | grep CVE to check whether the fix is included in the updated version.
Or is there any other way to check ? I need to give evidence to my security team as part of remediation of vulnerabilities.
