According to upstream, this version is affected[1], while Glassfish 3.1.2.1 or 
later isn't. Also, take into account that Debian's current version has reached 
EOL[2].

BTW: why the severity level change?

[1] http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
[2] http://www.oracle.com/us/support/library/lifetime-support-
middleware-069163.pdf 

Best regards,
-- 
Marcos Marado

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to