Bug#611138: CVE-2010-4438
Damien Raude-Morvan
drazzib at debian.org
Wed Jan 26 18:46:32 UTC 2011
Hi,
Le mardi 25 janvier 2011 23:02:18, Moritz Muehlenhoff a écrit :
> See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4438
>
> Please get in touch with Oracle to check, what "unspecified
> vulnerability" they fixed...
From CVE abstract :
"
Sun GlassFish Enterprise Server contains a flaw related to the 'Java Message
Service (JMS)' sub-component that may allow a local attacker to have a partial
affect on integrity and confidentiality and cause a denial of service. No
further details have been provided.
"
As we hardly build any real "Glassfish Server" but just some parts of API
library from Java EE specifications.
FYI, /usr/share/java/glassfish-jms.jar is just a collection of interfaces and
don't have any implementations of a JMS server.
So I don't think Debian package is affected by this issue, but we'll have to
wait until Oracle/Glassfish team publish some source code to confirm ths.
Cheers,
--
Damien - Debian Developper
http://wiki.debian.org/DamienRaudeMorvan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20110126/9bee12e8/attachment.pgp>
More information about the pkg-java-maintainers
mailing list