Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 386353 (CVE-2011-1511) - <dev-java/glassfish-servlet-api-3.1.1: multiple vulnerabilities (CVE-2011-{1511,2260})
Summary: <dev-java/glassfish-servlet-api-3.1.1: multiple vulnerabilities (CVE-2011-{15...
Status: RESOLVED FIXED
Alias: CVE-2011-1511
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-08 15:09 UTC by GLSAMaker/CVETool Bot
Modified: 2015-10-15 14:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 15:09:01 UTC
CVE-2011-2260 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2260):
  Unspecified vulnerability in the Oracle GlassFish Server component in Oracle
  Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality
  and integrity via unknown vectors related to Administration.

CVE-2011-1511 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1511):
  Unspecified vulnerability in the Oracle GlassFish Server component in Oracle
  Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to affect
  confidentiality and integrity via unknown vectors related to Administration.
Comment 1 Patrice Clement gentoo-dev 2015-09-05 15:20:57 UTC
commit 48fe490 (HEAD, master)
Author: Patrice Clement <monsieurp@gentoo.org>
Date:   Sat Sep 5 15:19:08 2015 +0000

    dev-java/glassflish-servlet-api: Version bump. Fixes security bug 386353.
    
    Package-Manager: portage-2.2.18
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 create mode 100644 dev-java/glassfish-servlet-api/glassfish-servlet-api-3.1.1.ebuild

Arch teams,

Please stabilise:
dev-java/glassflish-servlet-api-3.1.1

Target arches:
amd64 x86

Security,

Please vote.
Comment 2 Agostino Sarubbo gentoo-dev 2015-09-06 08:48:34 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-09-06 08:49:28 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 4 Patrice Clement gentoo-dev 2015-09-06 09:10:32 UTC
commit 20d8bc1 (HEAD, master)
Author: Patrice Clement <monsieurp@gentoo.org>
Date:   Sun Sep 6 09:09:53 2015 +0000

    dev-java/glassfish-servlet-api: Remove vulnerable version. Fixes security bug 386353.
    
    Package-Manager: portage-2.2.18
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 delete mode 100644 dev-java/glassfish-servlet-api/files/build_xml.patch
 delete mode 100644 dev-java/glassfish-servlet-api/glassfish-servlet-api-2_beta44.ebuild

Security,

Please vote.
Comment 5 Patrice Clement gentoo-dev 2015-09-11 08:20:25 UTC
ping @security
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-09-11 08:59:53 UTC
GLSA Vote: No
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-10-15 14:08:22 UTC
GLSA vote: no.