Your message dated Sun, 19 Nov 2023 06:04:37 +0000
with message-id <e1r4av7-003nwf...@fasolo.debian.org>
and subject line Bug#1054909: fixed in activemq 5.17.6+dfsg-1
has caused the Debian Bug report #1054909,
regarding activemq: CVE-2023-46604
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1054909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: grave
X-Debbugs-CC: t...@security.debian.org
Severity: activemq
Tags: security

Hi,

The following vulnerability was published for grave.

CVE-2023-46604[0]:
| Apache ActiveMQ is vulnerable to Remote Code Execution. The
| vulnerability may allow a remote attacker with network access to a
| broker to run arbitrary shell commands by manipulating serialized
| class types in the OpenWire protocol to cause the broker to
| instantiate any class on the classpath. Users are recommended to
| upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes
| this issue.

https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
http://www.openwall.com/lists/oss-security/2023/10/27/5


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46604
    https://www.cve.org/CVERecord?id=CVE-2023-46604

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: activemq
Source-Version: 5.17.6+dfsg-1
Done: tony mancill <tmanc...@debian.org>

We believe that the bug you reported is fixed in the latest version of
activemq, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1054...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmanc...@debian.org> (supplier of updated activemq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Nov 2023 21:17:22 -0800
Source: activemq
Architecture: source
Version: 5.17.6+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: tony mancill <tmanc...@debian.org>
Closes: 1054909
Changes:
 activemq (5.17.6+dfsg-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 5.17.6+dfsg
     Addresses CVE-2023-46604 (Closes: #1054909)
   * Refresh patches for new upstream release
   * Update debian/maven.ignoreRules to ignore:
     - org.apache.geronimo.genesis.plugins:tools-maven-plugin
     - org.apache.activemq:activemq-client:jar:tests

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
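
Added example, not part of the bug report or of Debian's or ActiveMQ's own tooling: a check of version strings against the fixed releases named in the CVE description above (5.15.16, 5.16.7, 5.17.6, 5.18.3). The function names, status labels and sample inventory are assumptions made for illustration; branches the description does not list are reported as such rather than guessed.

```python
import re

# Fixed release per 5.x branch, from the CVE-2023-46604 description quoted above.
FIXED_PATCH = {(5, 15): 16, (5, 16): 7, (5, 17): 6, (5, 18): 3}

# Optional Debian epoch, then upstream major.minor.patch; '+dfsg', '-1' etc. are ignored.
_VERSION_RE = re.compile(r"^(?:\d+:)?(\d+)\.(\d+)\.(\d+)")


def parse_upstream(version):
    """Return (major, minor, patch) from e.g. '5.17.6' or '5.17.6+dfsg-1'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g) for g in m.groups())


def classify(version):
    """Compare a version with the fixed release of its branch."""
    major, minor, patch = parse_upstream(version)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "unlisted-branch"  # the description names no fix for this branch
    return "at-or-above-fix" if patch >= fixed else "below-fix"


def triage(inventory):
    """Group 'host version' lines by classification; bad lines go to 'unparsed'."""
    result = {}
    for line in inventory.strip().splitlines():
        fields = line.split()
        try:
            host, version = fields
            status = classify(version)
        except ValueError:
            host, status = line.strip(), "unparsed"
        result.setdefault(status, []).append(host)
    return result


# Constructed sample inventory (hypothetical hosts, not data from the bug report).
SAMPLE = """
mq-a 5.17.6+dfsg-1
mq-b 5.17.5
mq-c 1:5.16.6-1
mq-d 5.14.5
mq-e not-a-version
"""

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

A distribution package can carry a backported fix without an upstream version bump, so a "below-fix" result for a Debian package should be confirmed against the security tracker entry [0] before it is treated as vulnerable.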
