CVE-2012-3155: vulnerability in the CORBA ORB component

Debian Bug report logs - #692035
CVE-2012-3155: vulnerability in the CORBA ORB component

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Helmut Grohne <helmut@subdivi.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2012-3155: vulnerability in the CORBA ORB component

Date: Thu, 1 Nov 2012 15:21:03 +0100

Package: src:glassfish
Version: 1:2.1.1-b31g-3
Severity: serious
Tags: security

Dear glassfish maintainers,

Please determine whether and how glassfish as present in Debian is
affected by CVE-2012-3155. Please adjust the severity of this bug
accordingly.

| Unspecified vulnerability in the CORBA ORB component in Sun GlassFish
| Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and
| Sun Java System Application Server 8.1 and 8.2 allows remote attackers
| to affect availability, related to CORBA ORB.

Oracle mentions it on this page:
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Ubuntu has classified the issue medium and affected thus far:
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3155.html

Neither Red Hat nor Gentoo track the issue at the time of this writing.

Helmut

Message #12 received at 692035@bugs.debian.org (full text, mbox, reply):

From: Marcos Marado <mindboosternoori@gmail.com>

To: 692035@bugs.debian.org

Subject: Re: CVE-2012-3155: vulnerability in the CORBA ORB component

Date: Wed, 19 Jun 2013 16:24:41 +0100

According to upstream, this version is affected[1], while Glassfish 3.1.2.1 or 
later isn't. Also, take into account that Debian's current version has reached 
EOL[2].

BTW: why the severity level change?

[1] http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
[2] http://www.oracle.com/us/support/library/lifetime-support-
middleware-069163.pdf 

Best regards,
-- 
Marcos Marado

Message #17 received at 692035-done@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 506291-done@bugs.debian.org,692035-done@bugs.debian.org,875365-done@bugs.debian.org,

Cc: glassfish@packages.debian.org

Subject: Bug#910744: Removed package(s) from unstable

Date: Wed, 10 Oct 2018 18:05:28 +0000

Version: 1:2.1.1-b31g+dfsg1-4+rm

Dear submitter,

as the package glassfish has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/910744

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Ansgar Burchardt (the ftpmaster behind the curtain)

Send a report that this bug log contains spam.