| Name | CVE-2012-3155 |
| Description | Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 692035 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| glassfish (PTS) | jessie | 1:2.1.1-b31g+dfsg1-2 | vulnerable |
| stretch | 1:2.1.1-b31g+dfsg1-4 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| glassfish | source | wheezy | (unfixed) | end-of-life | | |
| glassfish | source | jessie | (unfixed) | end-of-life | | |
| glassfish | source | (unstable) | (unfixed) | | | 692035 |
Notes
[stretch] - glassfish <ignored> (Only used a build dep, specific details withheld)
Oracle doesn't provide any useful public information to fix the package without importing a new upstream version.
[jessie] - glassfish <ignored> (Only used a build dep, specific details withheld)