Glassfish security support (in Squeeze)
while triaging CVE affecting Debian Squeeze I came on glassfish:
>From what I gathered, Oracle doesn't provide any useful information to
apply a targeted fix on the current package. The 2.1.x branch is also
no longer maintained upstream.
The only solution would be to import new upstream versions but I think
this is out of scope for such a package, particularly when the current
Debian maintainers have not provided such an updated package yet (I
just filed #762462 about this).
Thus I believe that we should mark the package as <end-of-life> and
recognize officially our inability to handle this package.
If there are no objections, I'll file a bug against
debian-security-support to request this. CC to the security team in case
they want to request the same for Wheezy.
Raphaël Hertzog ◈ Debian Developer
Discover the Debian Administrator's Handbook: