Hi, On Sun, Jan 1, 2012 at 11:53 PM, Thijs Kinkhorst <th...@debian.org> wrote: > It was reported that Glassfish is affected by the predictable hash collisions > attack that made its rounds around the net this week. This is tracked at > http://security-tracker.debian.org/tracker/CVE-2011-5035
I do not think that we are vulnerable because Debian does not ship a full glassfish stack. We build some core libs only. > Can you ensure that fixed packages are uploaded to sid as soon as possible, > and assert whether a fix for lenny and squeeze would be necessary? I do not even understand how to reproduce the issue. May you elaborate on that, please? Thanks, Torsten __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.