[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Glassfish security support (in Squeeze)


while triaging CVE affecting Debian Squeeze I came on glassfish:

>From what I gathered, Oracle doesn't provide any useful information to
apply a targeted fix on the current package. The 2.1.x branch is also
no longer maintained upstream.

The only solution would be to import new upstream versions but I think
this is out of scope for such a package, particularly when the current
Debian maintainers have not provided such an updated package yet (I
just filed #762462 about this).

Thus I believe that we should mark the package as <end-of-life> and
recognize officially our inability to handle this package.

If there are no objections, I'll file a bug against
debian-security-support to request this. CC to the security team in case
they want to request the same for Wheezy.

Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/

Reply to: