Emmanuel Arias pushed to branch master at Debian Java Maintainers / activemq
Commits:
622badd3 by Emmanuel Arias at 2025-05-29T16:30:23-03:00
CVE-2025-27533: Avoid memory allocation with excessive size value during
unmarshalling of OpenWire commands. The size value of buffers was not properly
validated which could lead to excessive memory allocation and be exploited to
cause a denial of service (Closes: #1104933).
* CVE-2025-27533: Avoid memory allocation with excessive size value during
unmarshalling of OpenWire commands. The size value of buffers was not
properly validated which could lead to excessive memory allocation
and be exploited to cause a denial of service (Closes: #1104933).
- d/control: Add libjavassist-java as build dependency. It is needed for
the patch.
- - - - -
7177adc0 by Emmanuel Arias at 2025-05-31T19:59:03-03:00
prepare for release
- - - - -
1026777d by Emmanuel Arias at 2025-06-02T12:34:35-03:00
d/control: Add myself as uploaders.
- - - - -
70d67518 by Emmanuel Arias at 2025-06-02T12:35:06-03:00
prepare for release as Uploader
- - - - -
4 changed files:
- debian/changelog
- debian/control
- debian/patches/series
- + debian/patches/validate-size-of-buffers-during-unmarshalling.patch
Changes:
=====================================
debian/changelog
=====================================
@@ -1,10 +1,19 @@
-activemq (5.17.6+dfsg-2) UNRELEASED; urgency=medium
+activemq (5.17.6+dfsg-2) unstable; urgency=medium
- * Team upload
+ [ Pierre Gruet ]
* Removing the patch about missing Maven artifact as libxstream-java now
properly declares the classpath of its jar
- -- Pierre Gruet <[email protected]> Tue, 08 Oct 2024 21:34:03 +0200
+ [Emmanuel Arias]
+ * CVE-2025-27533: Avoid memory allocation with excessive size value during
+ unmarshalling of OpenWire commands. The size value of buffers was not
+ properly validated which could lead to excessive memory allocation
+ and be exploited to cause a denial of service (Closes: #1104933).
+ - d/control: Add libjavassist-java as build dependency. It is needed for
+ the patch.
+ * d/control: Add myself as uploaders.
+
+ -- Emmanuel Arias <[email protected]> Thu, 29 May 2025 16:29:53 -0300
activemq (5.17.6+dfsg-1) unstable; urgency=medium
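Review bot: the added attribution header `[Emmanuel Arias]` is written without the inner spaces used by `[ Pierre Gruet ]` a few lines above it in the same stanza; write it as `[ Emmanuel Arias ]` so both contributor sections use the same form. The bullet "Add myself as uploaders" would also read better as "Add myself to Uploaders".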
=====================================
debian/control
=====================================
@@ -3,7 +3,8 @@ Section: java
Priority: optional
Maintainer: Debian Java Maintainers
<[email protected]>
Uploaders:
- Damien Raude-Morvan <[email protected]>
+ Damien Raude-Morvan <[email protected]>,
+ Emmanuel Arias <[email protected]>
Build-Depends:
ant,
debhelper-compat (= 13),
@@ -39,6 +40,7 @@ Build-Depends:
libjackson2-databind-java,
libjasypt-java (>= 1.9.3),
libjavacc-maven-plugin-java,
+ libjavassist-java,
libjaxb-java,
libjdom1-java (>= 1.0),
libjettison-java,
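Review bot: the new `libjavassist-java` build dependency is justified only by "It is needed for the patch" in the changelog, which does not say what in validate-size-of-buffers-during-unmarshalling.patch uses it. Please state that in the changelog or the patch header. If it turns out to be needed only by tests the patch adds, consider restricting it with the `<!nocheck>` build profile so it is not pulled into every build.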
=====================================
debian/patches/series
=====================================
@@ -4,3 +4,4 @@ activemq-client-jar.patch
disable-broker-test-dependency.patch
java11.patch
enable-activemq-jdbc-store-module.patch
+validate-size-of-buffers-during-unmarshalling.patch
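Review bot: the new series entry does not carry the CVE id, so the fix for CVE-2025-27533 cannot be found by searching debian/patches for the identifier. Consider naming the file after the CVE, or make sure the id appears in the patch header. The patch body is not shown in this notification, so the size validation itself still has to be reviewed from the GitLab compare view.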
=====================================
debian/patches/validate-size-of-buffers-during-unmarshalling.patch
=====================================
The diff for this file was not included because it is too large.
View it on GitLab:
https://salsa.debian.org/java-team/activemq/-/compare/3d9d960aee89e6e61f118b1f639411bfa5617b48...70d675187a31ceb7c2e90eb81ae720da13baa40b