Hello, while triaging CVE affecting Debian Squeeze I came on glassfish: https://security-tracker.debian.org/tracker/source-package/glassfish
From what I gathered, Oracle doesn't provide any useful information to apply a targeted fix on the current package. The 2.1.x branch is also no longer maintained upstream. The only solution would be to import new upstream versions but I think this is out of scope for such a package, particularly when the current Debian maintainers have not provided such an updated package yet (I just filed #762462 about this). Thus I believe that we should mark the package as <end-of-life> and recognize officially our inability to handle this package. If there are no objections, I'll file a bug against debian-security-support to request this. CC to the security team in case they want to request the same for Wheezy. Cheers, -- Raphaël Hertzog ◈ Debian Developer Discover the Debian Administrator's Handbook: → http://debian-handbook.info/get/ __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
