This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch wheezy in repository activemq.
commit c9be6309b3bb0b1342e45ad875745850189c6acd Author: Markus Koschany <[email protected]> Date: Mon Apr 24 12:50:21 2017 +0200 Import Debian changes 5.6.0+dfsg-1+deb7u3 activemq (5.6.0+dfsg-1+deb7u3) wheezy-security; urgency=high * Team upload. * Fix CVE-2015-7559. DoS in activemq-core via shutdown command.
---
 debian/changelog | 8 +++++++
 debian/patches/CVE-2015-7559.patch | 47 ++++++++++++++++++++++++++++++++++++++
 debian/patches/series | 1 +
 3 files changed, 56 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 5aec11b..3a34d3c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+activemq (5.6.0+dfsg-1+deb7u3) wheezy-security; urgency=high
+
+ * Team upload.
+ * Fix CVE-2015-7559.
+ DoS in activemq-core via shutdown command.
+
+ -- Markus Koschany <[email protected]> Mon, 24 Apr 2017 12:50:21 +0200
+
 activemq (5.6.0+dfsg-1+deb7u2) wheezy-security; urgency=high
 
 * Team upload.
diff --git a/debian/patches/CVE-2015-7559.patch b/debian/patches/CVE-2015-7559.patch
new file mode 100644
index 0000000..e15caa8
--- /dev/null
+++ b/debian/patches/CVE-2015-7559.patch
@@ -0,0 +1,47 @@
+From: Markus Koschany <[email protected]>
+Date: Sun, 23 Apr 2017 22:13:33 +0200
+Subject: CVE-2015-7559
+
+Bug-Debian: https://bugs.debian.org/860866
+Bug-Upstream: https://issues.apache.org/jira/browse/AMQ-6470
+Origin: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e
+---
+ .../java/org/apache/activemq/ActiveMQConnection.java | 18 ------------------
+ 1 file changed, 18 deletions(-)
+
+diff --git a/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java b/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java
+index 57ca8f1..d5797d6 100755
+--- a/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java
++++ b/activemq-core/src/main/java/org/apache/activemq/ActiveMQConnection.java
+@@ -1860,7 +1860,6 @@ public class ActiveMQConnection implements Connection, TopicConnection, QueueCon
+
+ @Override
+ public Response processControlCommand(ControlCommand command) throws Exception {
+- onControlCommand(command);
+ return null;
+ }
+
+@@ -2296,23 +2295,6 @@ public class ActiveMQConnection implements Connection, TopicConnection, QueueCon
+ inputStreams.remove(stream);
+ }
+
+- protected void onControlCommand(ControlCommand command) {
+- String text = command.getCommand();
+- if (text != null) {
+- if ("shutdown".equals(text)) {
+- LOG.info("JVM told to shutdown");
+- System.exit(0);
+- }
+- if (false && "close".equals(text)){
+- LOG.error("Broker " + getBrokerInfo() + "shutdown connection");
+- try {
+- close();
+- } catch (JMSException e) {
+- }
+- }
+- }
+- }
+-
+ protected void onConnectionControl(ConnectionControl command) {
+ if (command.isFaultTolerant()) {
+ this.optimizeAcknowledge = false;
diff --git a/debian/patches/series b/debian/patches/series
index 87c90b0..2ad8bdf 100644
--- a/debian/patches/series
+++ b/debian/patches/series
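Review bot: With `onControlCommand` removed, `processControlCommand` in ActiveMQConnection.java returns `null` for every ControlCommand and leaves no trace, so a peer that still sends `shutdown` to clients cannot be spotted from the client's logs. A fixed-text line before `return null;`, for example `LOG.warn("Ignoring ControlCommand received from broker");`, would make such attempts visible. The command string is peer-supplied, so it is better left out of the message or sanitised before logging. The class body continues outside both nested hunks, so whether any subclass overrides or calls the protected `onControlCommand` hook cannot be checked from here and is worth a search in the packaged tree.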
@@ -11,3 +11,4 @@ CVE-2014-3600.patch
 CVE-2014-3612.patch
 CVE-2014-3576.patch
 CVE-2015-5254.patch
+CVE-2015-7559.patch
-- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/activemq.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits

