Bug#611138: CVE-2010-4438

Damien Raude-Morvan drazzib at debian.org
Wed Jan 26 18:46:32 UTC 2011


Hi,

Le mardi 25 janvier 2011 23:02:18, Moritz Muehlenhoff a écrit :
> See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4438
> 
> Please get in touch with Oracle to check, what "unspecified
> vulnerability" they fixed...

From CVE abstract :
"
Sun GlassFish Enterprise Server contains a flaw related to the 'Java Message 
Service (JMS)' sub-component that may allow a local attacker to have a partial 
affect on integrity and confidentiality and cause a denial of service. No 
further details have been provided. 
"

As we hardly build any real "Glassfish Server" but just some parts of API 
library from Java EE specifications.
FYI, /usr/share/java/glassfish-jms.jar is just a collection of interfaces and 
don't have any implementations of a JMS server.

So I don't think Debian package is affected by this issue, but we'll have to 
wait until Oracle/Glassfish team publish some source code to confirm ths.

Cheers,
-- 
Damien - Debian Developper
http://wiki.debian.org/DamienRaudeMorvan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20110126/9bee12e8/attachment.pgp>


More information about the pkg-java-maintainers mailing list