Re: Glassfish security support (in Squeeze)

2014-09-25 Thread Raphael Hertzog
On Thu, 25 Sep 2014, Christoph Biedl wrote: Raphael Hertzog wrote... For Squeeze LTS, we can't really remove a single binary package with an update since the update lives in its own squeeze-lts repository and this would not remove the package in the main squeeze repo. To me, this

Re: Glassfish security support (in Squeeze)

2014-09-23 Thread Raphael Hertzog
Hi Emmanuel, On Mon, 22 Sep 2014, Emmanuel Bourg wrote: Glassfish is an important package for the Java ecosystem as it provides JavaEE specification APIs used to build many other packages. The CVEs reported are most likely related to the complete application server which is almost unused

Re: Glassfish security support (in Squeeze)

2014-09-23 Thread Emmanuel Bourg
On 23/09/2014 10:17, Raphael Hertzog wrote: This looks like a possible compromise (although the lack of init script doesn't mean that nobody can use it, it's always possible to start it from a custom script). Ok I'll drop the glassfish-appserv package in the next upload. I agree it may be

Glassfish security support (in Squeeze)

2014-09-22 Thread Raphael Hertzog
Hello, while triaging CVEs affecting Debian Squeeze I came on glassfish: https://security-tracker.debian.org/tracker/source-package/glassfish From what I gathered, Oracle doesn't provide any useful information to apply a targeted fix on the current package. The 2.1.x branch is also no longer

Re: Glassfish security support (in Squeeze)

2014-09-22 Thread Emmanuel Bourg
On 22/09/2014 17:44, Raphael Hertzog wrote: If there are no objections, I'll file a bug against debian-security-support to request this. CC to the security team in case they want to request the same for Wheezy. Hi Raphael, Glassfish is an important package for the Java ecosystem as it