Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 386353 (CVE-2011-1511)

Summary: <dev-java/glassfish-servlet-api-3.1.1: multiple vulnerabilities (CVE-2011-{1511,2260})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: java
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 15:09:01 UTC 
CVE-2011-2260 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2260):
  Unspecified vulnerability in the Oracle GlassFish Server component in Oracle
  Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality
  and integrity via unknown vectors related to Administration.

CVE-2011-1511 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1511):
  Unspecified vulnerability in the Oracle GlassFish Server component in Oracle
  Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to affect
  confidentiality and integrity via unknown vectors related to Administration.
Comment 1 Patrice Clement gentoo-dev 2015-09-05 15:20:57 UTC 
commit 48fe490 (HEAD, master)
Author: Patrice Clement <monsieurp@gentoo.org>
Date:   Sat Sep 5 15:19:08 2015 +0000

    dev-java/glassflish-servlet-api: Version bump. Fixes security bug 386353.
    
    Package-Manager: portage-2.2.18
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 create mode 100644 dev-java/glassfish-servlet-api/glassfish-servlet-api-3.1.1.ebuild

Arch teams,

Please stabilise:
dev-java/glassflish-servlet-api-3.1.1

Target arches:
amd64 x86

Security,

Please vote.
Comment 2 Agostino Sarubbo gentoo-dev 2015-09-06 08:48:34 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-09-06 08:49:28 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 4 Patrice Clement gentoo-dev 2015-09-06 09:10:32 UTC 
commit 20d8bc1 (HEAD, master)
Author: Patrice Clement <monsieurp@gentoo.org>
Date:   Sun Sep 6 09:09:53 2015 +0000

    dev-java/glassfish-servlet-api: Remove vulnerable version. Fixes security bug 386353.
    
    Package-Manager: portage-2.2.18
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 delete mode 100644 dev-java/glassfish-servlet-api/files/build_xml.patch
 delete mode 100644 dev-java/glassfish-servlet-api/glassfish-servlet-api-2_beta44.ebuild

Security,

Please vote.
Comment 5 Patrice Clement gentoo-dev 2015-09-11 08:20:25 UTC 
ping @security
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-09-11 08:59:53 UTC 
GLSA Vote: No
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-10-15 14:08:22 UTC 
GLSA vote: no.