Bug#853998: CVE-2017-3250 / CVE-2017-3249 / CVE-2017-3247 / CVE-2016-5528 / CVE-2016-5519
Emmanuel Bourg
ebourg at apache.org
Thu Feb 2 23:16:07 UTC 2017
Le 2/02/2017 à 23:08, Moritz Muehlenhoff a écrit :
> So Oracle has these lovely, unspecified vulnerabilities reported against Glassfish,
> but it's my understanding that the Debian package only provides a minor subset
> what usually constitutes Java, so could you have a look, which of
>
> http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
>
> might possibly affect the Debian package?
I think this is unlikely to affect our packages. We only have two
specification packages (glassfish-javaee and glassfish-jmac-api) and an
Object/Relational mapper (glassfish-toplink-essentials) that is never
used at runtime.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list