Glassfish security support (in Squeeze)

Emmanuel Bourg ebourg at apache.org
Mon Sep 22 16:07:07 UTC 2014


Le 22/09/2014 17:44, Raphael Hertzog a écrit :

> If there are no objections, I'll file a bug against
> debian-security-support to request this. CC to the security team in case
> they want to request the same for Wheezy.

Hi Raphael,

Glasshfish is an important package for the Java ecosystem as it provides
JavaEE specification APIs used to build many other packages.

The CVEs reported are most likely related to the complete application
server which is almost unused in Debian (the glassfish-appserv package
has a low popcon and no reverse dependencies). Removing this package
should address the security concerns (yet, the package contains no init
script to run it as a daemon, so the risk is already zero since nobody
can use it).

Emmanuel Bourg


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20140922/8ca713f5/attachment.sig>


More information about the pkg-java-maintainers mailing list