Le 22/09/2014 17:44, Raphael Hertzog a écrit :

> If there are no objections, I'll file a bug against
> debian-security-support to request this. CC to the security team in case
> they want to request the same for Wheezy.

Hi Raphael,

Glasshfish is an important package for the Java ecosystem as it provides
JavaEE specification APIs used to build many other packages.

The CVEs reported are most likely related to the complete application
server which is almost unused in Debian (the glassfish-appserv package
has a low popcon and no reverse dependencies). Removing this package
should address the security concerns (yet, the package contains no init
script to run it as a daemon, so the risk is already zero since nobody
can use it).

Emmanuel Bourg

Attachment: signature.asc
Description: OpenPGP digital signature

This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to