Le 2/02/2017 à 23:08, Moritz Muehlenhoff a écrit : > So Oracle has these lovely, unspecified vulnerabilities reported against > Glassfish, > but it's my understanding that the Debian package only provides a minor subset > what usually constitutes Java, so could you have a look, which of > > http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html > > might possibly affect the Debian package?
I think this is unlikely to affect our packages. We only have two specification packages (glassfish-javaee and glassfish-jmac-api) and an Object/Relational mapper (glassfish-toplink-essentials) that is never used at runtime. Emmanuel Bourg __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.