Emmanuel Arias pushed to branch bullseye at Debian Java Maintainers / activemq
Commits: 712ee7ba by Emmanuel Arias at 2025-06-13T07:40:26-03:00 Non-maintainer upload by the LTS Security Team. * Non-maintainer upload by the LTS Security Team. * CVE-2025-27533: Avoid memory allocation with excessive size value during unmarshalling of OpenWire commands. The size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (Closes: #1104933). - d/control: Add libjavassist-java as build dependency. It is needed for the patch. - - - - - 3 changed files: - debian/changelog - + debian/patches/CVE-2025-27533.patch - debian/patches/series Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,13 @@ +activemq (5.16.1-1+deb11u2) bullseye-security; urgency=high + + * Non-maintainer upload by the LTS Security Team. + * CVE-2025-27533: Avoid memory allocation with excessive size value during + unmarshalling of OpenWire commands. The size value of buffers was not + properly validated which could lead to excessive memory allocation + and be exploited to cause a denial of service (Closes: #1104933). + + -- Emmanuel Arias <[email protected]> Fri, 13 Jun 2025 07:36:16 -0300 + activemq (5.16.1-1+deb11u1) bullseye-security; urgency=medium * Non-maintainer upload by the LTS Team. ===================================== debian/patches/CVE-2025-27533.patch ===================================== The diff for this file was not included because it is too large. ===================================== debian/patches/series ===================================== 
@@ -7,3 +7,4 @@ maven-xbean-plugin.patch enable-activemq-jdbc-store-module.patch 0001-AMQ-9370-Openwire-marshaller-should-validate-Throwab.patch 0001-AMQ-9201-Update-Jolokia-default-access-configuration.patch +CVE-2025-27533.patch View it on GitLab: https://salsa.debian.org/java-team/activemq/-/commit/712ee7ba137cb253d447da1aaf3d959d0149a914 -- View it on GitLab: https://salsa.debian.org/java-team/activemq/-/commit/712ee7ba137cb253d447da1aaf3d959d0149a914 You're receiving this email because of your account on salsa.debian.org.
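Review bot: In the debian/changelog hunk, the new 5.16.1-1+deb11u2 entry has no line for the libjavassist-java build dependency that the commit message describes ("d/control: Add libjavassist-java as build dependency"), and debian/control is not among the 3 changed files. If the patch needs javassist at build time, the Build-Depends change should be part of this upload and recorded in the changelog entry; if it landed in a separate commit, the line should be dropped from this commit message. The message also repeats "Non-maintainer upload by the LTS Security Team." twice.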
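Review bot: In the debian/patches/series hunk, CVE-2025-27533.patch is appended directly after 0001-AMQ-9370-Openwire-marshaller-should-validate-Throwab.patch, which by its name also touches the OpenWire marshaller, and the patch body is not shown in this notification ("too large"), so the ordering is the only part that can be reviewed here. Please confirm the patch was refreshed against the tree with the AMQ-9370 patch already applied, so that it applies without fuzz or offsets, and that it carries a DEP-3 header (Origin for the upstream change, Bug-Debian for #1104933) so the backport can be traced.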
_______________________________________________ pkg-java-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-commits

