Bug#853998: CVE-2017-3250 / CVE-2017-3249 / CVE-2017-3247 / CVE-2016-5528 / CVE-2016-5519

Emmanuel Bourg ebourg at apache.org
Thu Feb 2 23:16:07 UTC 2017


Le 2/02/2017 à 23:08, Moritz Muehlenhoff a écrit :

> So Oracle has these lovely, unspecified vulnerabilities reported against Glassfish,
> but it's my understanding that the Debian package only provides a minor subset
> what usually constitutes Java, so could you have a look, which of 
> 
> http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
> 
> might possibly affect the Debian package?

I think this is unlikely to affect our packages. We only have two
specification packages (glassfish-javaee and glassfish-jmac-api) and an
Object/Relational mapper (glassfish-toplink-essentials) that is never
used at runtime.

Emmanuel Bourg



More information about the pkg-java-maintainers mailing list