On Mon, Jan 02, 2012 at 09:56:20AM +0100, Torsten Werner wrote:
> Hi,
>
> On Sun, Jan 1, 2012 at 11:53 PM, Thijs Kinkhorst <th...@debian.org> wrote:
> > It was reported that Glassfish is affected by the predictable hash
> > collisions attack that made its rounds around the net this week.
> > This is tracked at
> > http://security-tracker.debian.org/tracker/CVE-2011-5035
>
> I do not think that we are vulnerable because Debian does not ship a
> full glassfish stack. We build some core libs only.
>
> > Can you ensure that fixed packages are uploaded to sid as soon as possible,
> > and assert whether a fix for lenny and squeeze would be necessary?
>
> I do not even understand how to reproduce the issue. May you elaborate
> on that, please?

The advisory can be found here:
http://www.nruns.com/_downloads/advisory28122011.pdf

I'm not sure where to find "Oracle security ticket S0104869", though.

Cheers,
Moritz