Your message dated Wed, 18 Feb 2015 21:20:02 +0000 with message-id <e1yoc2m-0002rz...@franck.debian.org> and subject line Bug#777196: fixed in activemq 5.6.0+dfsg1-4 has caused the Debian Bug report #777196, regarding activemq: CVE-2014-8110 CVE-2014-3612 CVE-2014-3600 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 777196: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777196 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: activemq Severity: important Tags: security Hi, please see http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt (but the admin console isn't enabled, so this should be moot? (702670)) http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: activemq Source-Version: 5.6.0+dfsg1-4 We believe that the bug you reported is fixed in the latest version of activemq, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 777...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bourg <ebo...@apache.org> (supplier of updated activemq package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 18 Feb 2015 20:04:38 +0100 Source: activemq Binary: libactivemq-java libactivemq-java-doc activemq Architecture: source all Version: 5.6.0+dfsg1-4 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Emmanuel Bourg <ebo...@apache.org> Description: activemq - Java message broker - server libactivemq-java - Java message broker core libraries libactivemq-java-doc - Java message broker core libraries - documentation Closes: 777196 Changes: activemq (5.6.0+dfsg1-4) unstable; urgency=high . * Team upload. * Fixed security issues (Closes: #777196) - CVE-2014-3612: JAAS LDAPLoginModule allows empty password authentication - CVE-2014-3600: XML External Entity expansion when evaluating XPath expressions * Standards-Version updated to 3.9.6 (no changes) Checksums-Sha1: 26c477d01cc38840cb0759b65bf06109a693ab65 3348 activemq_5.6.0+dfsg1-4.dsc 9992f5db41656e2865b5380f7856fb8403c21c38 19800 activemq_5.6.0+dfsg1-4.debian.tar.xz 9e7fd190eae4910dc6b209366187a8c8f758426c 3580146 libactivemq-java_5.6.0+dfsg1-4_all.deb c2a80c1bca21eae675144a964cef0006ba5a992f 3515374 libactivemq-java-doc_5.6.0+dfsg1-4_all.deb 0218fa5ba56920061bb14610e037e22f615444e0 49276 activemq_5.6.0+dfsg1-4_all.deb Checksums-Sha256: 869d278964674feb5c685231105db471d67bc7f35c21ce4e24612170bb089f13 3348 activemq_5.6.0+dfsg1-4.dsc 24c760f41e94ee285138ef2302ccf23eea00139b0e6dbd6dba9e4fdda7397038 19800 activemq_5.6.0+dfsg1-4.debian.tar.xz 1e2f73649ebae5d9dd8960d1d63a1f0cfd5b60851f186475f787b43d8b7d0630 3580146 libactivemq-java_5.6.0+dfsg1-4_all.deb 9061982a993f735a046826f25377643d2527bf674e89ad6f386ee5fb28011873 3515374 libactivemq-java-doc_5.6.0+dfsg1-4_all.deb d02d8ba9c2a55ff5de18d8bf9ba85566a87eb13cad35805cb9dcf3cfb741d1e2 49276 activemq_5.6.0+dfsg1-4_all.deb Files: 7d3586ba8110d2144468401c3a9159c4 3348 java optional activemq_5.6.0+dfsg1-4.dsc 56b89ef11e0e082d60ffdc183fe09d00 19800 java optional activemq_5.6.0+dfsg1-4.debian.tar.xz bd36c17a2626e6260b1b084d152d8549 3580146 java optional libactivemq-java_5.6.0+dfsg1-4_all.deb 0fd6864f8f09452e4d0696084f7a79b2 3515374 doc optional libactivemq-java-doc_5.6.0+dfsg1-4_all.deb bcafbb099e6170958777a50c4c45756f 49276 java optional activemq_5.6.0+dfsg1-4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJU5O0/AAoJEPUTxBnkudCszH8P/1/VM+pV5Wnim9GnIUcOTXo2 chs+OxjoyjVjJ46IPo9NrWVLVC7cEQk3iCkP2ccdfX4rNoujjdLOI9/ZUK7tr/o1 /b3vDPkW4jBvMPY2UQAHTgu2KNXhb1zmgsnNbFEHsjX7iQfdCJPDkeYFEsGnB+dd cX+K86v+i2wnwmkZq/VPihJyWnrc+zg/0KFsoZ4RpmBi7B2+U16o+h7wgwnzE1gc zGd1/GvQO/oZHqRy1TeoqjoFWuJJbpR2XfpuTjZJlVuZzYOYAMZ+mZmVbtnni2U5 xeIhFsP3iXYyOM3ysDCcp+YNl3eL2A0N9pzPebS0+tXN6y8UK7W6LrTxMz7muVCK AyL767tWpLGs8LEFFN3f8vPmOH1Ej0hRUF5CkgFeK54sA65xdR4FegKmQQgsbd5s V2hQ9PPGEg805lGgtC0oPe8SygbdW/pH0n5pmx8kcB6VVmlDbh5S0zVTvOQSJd6W 0fzWUTt/Jza6yqE0U8Zf18pMoBDKlbTsNAETobYQZlBjG5IiS8duRWZTiPvag9/A DnBN3PsrJVwjE5M+UTA9ltaNq2a23/1GzaxEJ1RsXUIBCfefuxydt5iMH2rxgZdL KqCKrPPG3whobOUTwldPaAVKE2qaQH4rfYSGNF6jHlM7xCiW1kMJN9X66O/B9d/l 8bF9eiVaUGyGOonmvdbm =p68t -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
