Hi,

On Tuesday 25 January 2011 23:02:18, Moritz Muehlenhoff wrote:
> See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4438
>
> Please get in touch with Oracle to check, what "unspecified
> vulnerability" they fixed...

From the CVE abstract:

" Sun GlassFish Enterprise Server contains a flaw related to the 'Java Message Service (JMS)' sub-component that may allow a local attacker to have a partial affect on integrity and confidentiality and cause a denial of service. No further details have been provided. "

We hardly build any real "Glassfish Server", but just some parts of the API library from the Java EE specifications. FYI, /usr/share/java/glassfish-jms.jar is just a collection of interfaces and doesn't have any implementation of a JMS server.

So I don't think the Debian package is affected by this issue, but we'll have to wait until the Oracle/Glassfish team publishes some source code to confirm this.

Cheers,
--
Damien - Debian Developer
http://wiki.debian.org/DamienRaudeMorvan