Hello, while triaging CVE affecting Debian Squeeze I came on glassfish: https://security-tracker.debian.org/tracker/source-package/glassfish
>From what I gathered, Oracle doesn't provide any useful information to apply a targeted fix on the current package. The 2.1.x branch is also no longer maintained upstream. The only solution would be to import new upstream versions but I think this is out of scope for such a package, particularly when the current Debian maintainers have not provided such an updated package yet (I just filed #762462 about this). Thus I believe that we should mark the package as <end-of-life> and recognize officially our inability to handle this package. If there are no objections, I'll file a bug against debian-security-support to request this. CC to the security team in case they want to request the same for Wheezy. Cheers, -- Raphaël Hertzog ◈ Debian Developer Discover the Debian Administrator's Handbook: → http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
