Le 2/02/2017 à 23:08, Moritz Muehlenhoff a écrit :
> So Oracle has these lovely, unspecified vulnerabilities reported against
> but it's my understanding that the Debian package only provides a minor subset
> what usually constitutes Java, so could you have a look, which of
> might possibly affect the Debian package?
I think this is unlikely to affect our packages. We only have two
specification packages (glassfish-javaee and glassfish-jmac-api) and an
Object/Relational mapper (glassfish-toplink-essentials) that is never
used at runtime.
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.