Your message dated Fri, 21 Apr 2017 15:48:52 +0000 with message-id <e1d1ank-000apc...@fasolo.debian.org> and subject line Bug#860866: fixed in activemq 5.14.3-3 has caused the Debian Bug report #860866, regarding activemq: CVE-2015-7559: DoS in client via shutdown command to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 860866: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860866 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: activemq Version: 5.6.0+dfsg1-4 Severity: important Tags: upstream patch security Forwarded: https://issues.apache.org/jira/browse/AMQ-6470 Hi, the following vulnerability was published for activemq. CVE-2015-7559[0]: DoS in client via shutdown command If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-7559 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7559 [1] https://issues.apache.org/jira/browse/AMQ-6470 [2] https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e I'm not too familiar with activemq, but from code inspection only the class (although on different path in the source) is present back as well in the version in jessie. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: activemq Source-Version: 5.14.3-3 We believe that the bug you reported is fixed in the latest version of activemq, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 860...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated activemq package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 21 Apr 2017 16:24:41 +0200 Source: activemq Binary: libactivemq-java libactivemq-java-doc activemq Architecture: source Version: 5.14.3-3 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: activemq - Java message broker - server libactivemq-java - Java message broker core libraries libactivemq-java-doc - Java message broker core libraries - documentation Closes: 860866 Changes: activemq (5.14.3-3) unstable; urgency=medium . * Team upload. * Fix CVE-2017-7559. DoS in client via shutdown command. Thanks to Salvatore Bonaccorso for the report. (Closes: #860866) Checksums-Sha1: 2d550284bf5ec01dc797ce479a7ea79370470667 3646 activemq_5.14.3-3.dsc 9f819702a3bc4f8f808f9fbe633fd3657eb2af44 15736 activemq_5.14.3-3.debian.tar.xz bd9eb3629c8c60850e9d812058c4839dccb1f7c9 17006 activemq_5.14.3-3_amd64.buildinfo Checksums-Sha256: c1e6390c2a5d2ae0a4ac348e9677ec356628aed7dc44b8eaa199312e5b910c12 3646 activemq_5.14.3-3.dsc 631f44d78e70a0b5aabc5f38ae0c8cde785918f44e62b8d8810ebc0d2e1533fb 15736 activemq_5.14.3-3.debian.tar.xz 35aabe3d2af941fa321a6dfa272800d72c2285ead2aa764bc98fd8c074e7cbac 17006 activemq_5.14.3-3_amd64.buildinfo Files: 95ff553fa1e6b9cd7e5ac6c726b3ef31 3646 java optional activemq_5.14.3-3.dsc 748746967306850ed23ad76d9cde3f49 15736 java optional activemq_5.14.3-3.debian.tar.xz 994ef2581dd6d81f721af648b9ede305 17006 java optional activemq_5.14.3-3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlj6I6pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkk6YP/1byh/G+XWDvkncQmxcR5CWFwYYh5yH+UWap WI8Lf9TrgSD3wHXql/nRkWwMcgHcfIrYHL+GW8633w+Pk+x1E0qaD3AncKluGRxe W3wEVH7E5HcACIJ4V4SRMPtyAjHJwDkDLdR1lAR2RBYfq1CP9/kxcymrFVL8CUDa p/oz3kOLx8BuKjbp6e8ZsX8WJttp1XHfu5z1tNIFmkiYP4jqM2ntAwrR+nBoTmqX CH1XeqXLWvVISwKM2Z4rklh40EGbe/aX0qUeyWjm380nrgXHn7sQF4FLk6QuVIxG +yHQKZ5X0LbzbagaoV6jzYkGuydUQ6Mk9VQgTZAOopDuP9ROUWL3N4u+cUKWVz8Y aF6qE9GxKc/wOxHfYS5QxE1CGn6GLn2OteURuBxvVoUMbG22sgaqwaQ3h1sgjdLq +Ll8UyJlsjEvPn0NqhK4xuSsC5vsquwpKlUF8uqRqP83aHdoa7VBW9zJo3A73qlk FaAfVi3s8OviHdTS9cbNc2RehKh0cCl9rHZUdvtrm08n2RPw31etWEjXUBtu49EB UsX1PkCvKQoRfKhfATPhwYGem8/TyaSFfgUH9OTI2danOaG8z8S422m1UaKM4W6n qdnI5Y0/6XHUfTSHwqEO4w8PUQ08kHYwjDmizJAxiqBL4Np8jS0vJEQpk2sCHc62 bx4so1Up =9p9J -----END PGP SIGNATURE-----
--- End Message ---
