Bug#853998: CVE-2017-3250 / CVE-2017-3249 / CVE-2017-3247 / CVE-2016-5528 / CVE-2016-5519

2017-02-02 Thread Emmanuel Bourg
On 2/02/2017 at 23:08, Moritz Muehlenhoff wrote:

> So Oracle has these lovely, unspecified vulnerabilities reported against Glassfish,
> but it's my understanding that the Debian package only provides a minor subset
> of what usually constitutes Java, so could you have a look, which of
> 
> http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
> 
> might possibly affect the Debian package?

I think this is unlikely to affect our packages. We only have two
specification packages (glassfish-javaee and glassfish-jmac-api) and an
Object/Relational mapper (glassfish-toplink-essentials) that is never
used at runtime.

Emmanuel Bourg

__
This is the maintainer address of Debian's Java team. Please use
debian-j...@lists.debian.org for discussions and questions.


Bug#853998: CVE-2017-3250 / CVE-2017-3249 / CVE-2017-3247 / CVE-2016-5528 / CVE-2016-5519

2017-02-02 Thread Moritz Muehlenhoff
Source: glassfish
Severity: grave
Tags: security

So Oracle has these lovely, unspecified vulnerabilities reported against Glassfish,
but it's my understanding that the Debian package only provides a minor subset
of what usually constitutes Java, so could you have a look, which of

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

might possibly affect the Debian package?

Cheers,
Moritz
