Your message dated Fri, 28 Apr 2017 21:32:08 +0000 with message-id <e1d4dum-000bo9...@fasolo.debian.org> and subject line Bug#860866: fixed in activemq 5.6.0+dfsg1-4+deb8u3 has caused the Debian Bug report #860866, regarding activemq: CVE-2015-7559: DoS in client via shutdown command to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 860866: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860866 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: activemq Version: 5.6.0+dfsg1-4 Severity: important Tags: upstream patch security Forwarded: https://issues.apache.org/jira/browse/AMQ-6470 Hi, the following vulnerability was published for activemq. CVE-2015-7559[0]: DoS in client via shutdown command If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-7559 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7559 [1] https://issues.apache.org/jira/browse/AMQ-6470 [2] https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e I'm not too familiar with activemq, but from code inspection only the class (although on different path in the source) is present back as well in the version in jessie. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: activemq Source-Version: 5.6.0+dfsg1-4+deb8u3 We believe that the bug you reported is fixed in the latest version of activemq, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 860...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated activemq package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 25 Apr 2017 21:01:20 +0200 Source: activemq Binary: libactivemq-java libactivemq-java-doc activemq Architecture: source all Version: 5.6.0+dfsg1-4+deb8u3 Distribution: jessie Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: activemq - Java message broker - server libactivemq-java - Java message broker core libraries libactivemq-java-doc - Java message broker core libraries - documentation Closes: 860866 Changes: activemq (5.6.0+dfsg1-4+deb8u3) jessie; urgency=medium . * Team upload. * Fix CVE-2015-7559: DoS in activemq-core via shutdown command. (Closes: #860866) Checksums-Sha1: e602f59f41fd0e3d6601a4470a8f9f54a50c84de 3543 activemq_5.6.0+dfsg1-4+deb8u3.dsc b9965cf7e7d5066afceb7b7f1327a040710b60d3 22832 activemq_5.6.0+dfsg1-4+deb8u3.debian.tar.xz a38c53ef9a62f38e206420cba32a26f69a909b38 3588612 libactivemq-java_5.6.0+dfsg1-4+deb8u3_all.deb 56f1656250033b1079cd3dac8af7b015269034f5 3500384 libactivemq-java-doc_5.6.0+dfsg1-4+deb8u3_all.deb f36e6e2472e1d1c278ae922cda07d85e45b8bb63 49530 activemq_5.6.0+dfsg1-4+deb8u3_all.deb Checksums-Sha256: ade25083dbd340d06c8cce2ba102699570a5e813c8d6201e7377d34d6dee1883 3543 activemq_5.6.0+dfsg1-4+deb8u3.dsc 157f8da007d7abf96068db9fd0c346c522d178c64124dbef5b335d67f6bd5286 22832 activemq_5.6.0+dfsg1-4+deb8u3.debian.tar.xz f4f75936a477a0c008f3426b8941320973f80c655cde9d57f74529c4f8a4f9dc 3588612 libactivemq-java_5.6.0+dfsg1-4+deb8u3_all.deb a7ebc3d28e58d47abfb5961f16116f5dc028c124c2ed4f1225ba52e84ded2eb2 3500384 libactivemq-java-doc_5.6.0+dfsg1-4+deb8u3_all.deb fae6a78ab06fa5c5e9870360f5e625588a9dbe6339e4125abee85d969400b0f3 49530 activemq_5.6.0+dfsg1-4+deb8u3_all.deb Files: 33eeff00b4dd095b3eed954eb59753ea 3543 java optional activemq_5.6.0+dfsg1-4+deb8u3.dsc adb79aaa6b842c434c7366825da34bd9 22832 java optional activemq_5.6.0+dfsg1-4+deb8u3.debian.tar.xz 7347aa1c985332bbc31e1df8844a7161 3588612 java optional libactivemq-java_5.6.0+dfsg1-4+deb8u3_all.deb 2fd27305135c9d2496395ca6f901affe 3500384 doc optional libactivemq-java-doc_5.6.0+dfsg1-4+deb8u3_all.deb 969707bbcd38ce1b6758c97a3f23bab4 49530 java optional activemq_5.6.0+dfsg1-4+deb8u3_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlkDARtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkW6gP/juDnXeJEjIHvr6gH2NJOVzc6WvDb4xHyOXD 16xudsdCZZPXtSZObxJuF/HRmp1+Lv0DmfLpYYoEsabRTp6bF8HZWvPKDEMR4/0y mAFn2CQYH80bY22OfUWrS94fACFsfqR4NKkFI/atArZE+2bwrfF+WSf2hUZeQE4b LuTzPiZH+rNt2yPnpIgvxGgKOEfWxViqWprw5JgGfHZDLyTVK67E2MoEkxeldLqX YTslSC6G44GrggL3jgVG2AjQef/+Vfml2QeFkk24GnfxbkveUFksHmN1eVCay5FP c5nASi/++4/rN/Ev9zg47+I0RgZ695YZHyYuYdU8G/Lk+fGXhyRlOSA4TrPGpets 0cUGl0wzjcEajLDALpMV0lr1QXdw2gGlyyoX/jWCCNClZ4KDlc0cndq92qJwzdcO AHyTC0FLSR1bKcMO0qK9uZ7gKMtr4WRWhXUP+tu7bvcqZWKggjBS+zuq8MUDDade rCSorh/gR82VCfzKdV4D2qfdI1lrynmINUlh3NwhFoHzj7FNphZMn0pe63xgIdAz pZsnkyHQZvuT5ciln4IevAX42ukytYkLK4IuyQxho+KN7wXJ/xKrvyxNwJwzFUIn 1FZsefdKbAYklnJwUl6JQ05tyWvtLbQegXv5uGCYNI5LwmGtkyD4R5GK3N9KIPBi t/24fjEz =toD2 -----END PGP SIGNATURE-----
--- End Message ---
