Your message dated Sun, 04 Aug 2019 10:34:55 +0000
with message-id <[email protected]>
and subject line Bug#925964: fixed in activemq 5.15.9-1
has caused the Debian Bug report #925964,
regarding activemq: CVE-2019-0222
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
925964: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925964
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: activemq
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for activemq.
CVE-2019-0222[0]:
| In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame
| can lead to broker Out of Memory exception making it unresponsive.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-0222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222
Please adjust the affected versions in the BTS as needed.
Regards,
Markus
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: activemq
Source-Version: 5.15.9-1
We believe that the bug you reported is fixed in the latest version of
activemq, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated activemq package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 04 Aug 2019 11:53:25 +0200
Source: activemq
Architecture: source
Version: 5.15.9-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Markus Koschany <[email protected]>
Closes: 925964
Changes:
activemq (5.15.9-1) unstable; urgency=medium
.
* Team upload.
* New upstream version 5.15.9.
- Fix CVE-2019-0222. (Closes: #925964)
* Switch to debhelper-compat = 12.
* Declare compliance with Debian Policy 4.4.0.
* Use canonical VCS URI.
Checksums-Sha1:
23745ae9f3b9dbfb0df374f4593cc6e5dededdcb 3581 activemq_5.15.9-1.dsc
0a08d77af1abb0657b670438042b1b70f7dc6ad0 2681264 activemq_5.15.9.orig.tar.xz
f85ba55f6638ec05271496dfb913848a1aba398a 16636 activemq_5.15.9-1.debian.tar.xz
6c58781c9da350f93fa1f46ae08bf89296af2d9f 15783
activemq_5.15.9-1_amd64.buildinfo
Checksums-Sha256:
33f77a222eced8e180eedfce0b6afb7578be5a6734760cf2847bdffa5641232a 3581
activemq_5.15.9-1.dsc
8aa2915f94ec361c90f36ae1e964a76513384d9f1f26c93df31c3e0491f0083d 2681264
activemq_5.15.9.orig.tar.xz
9b10f5900cb6c3e429ee175ed21b2418c7fe536f8ae54ab993b911dfb0a29e30 16636
activemq_5.15.9-1.debian.tar.xz
26b0760f582a6993559b14fc123ada824753bb70b0cf1a259936130db04e3e73 15783
activemq_5.15.9-1_amd64.buildinfo
Files:
9fed3bcfd0a48e05fb8fc017f069e6c5 3581 java optional activemq_5.15.9-1.dsc
e0f497c2dad692b124d1dfcbf520da6b 2681264 java optional
activemq_5.15.9.orig.tar.xz
c92d3d89db9e8921e0f41703affd2d54 16636 java optional
activemq_5.15.9-1.debian.tar.xz
b7e792f1b87de7e84b01dcef4628db0f 15783 java optional
activemq_5.15.9-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl1Grj5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HktHUP/A+9hOLC8IwuOAvATbs9m7IDYMAaCyMJ9O0x
9yfjFe0EkA2r7+IrGcoq/vCPnPUiuYSHAGkZ7G7hWYDURztcj7DdH3Er12t+8cLH
Tj055/Bm4cfkSApoOBpGuRx+9DyxbwsVrbCOmTM2+uEdqq5NgJXkjDjH3LNRp97E
ZhX/mvWa0RoRs7m2uOGWDuO3ya72ab00QrhXQUK+acZVanagz8Iq7L01w6J98YGq
993SP/IjGLFBpQ/EtZIphERC/swWDyPw1VmOR4VlZJstHOUgWbkkQv40gAg5Fg7q
91ScfJ/+S1pwAzoRAiHptU0mnGSmqO8pMXFKfPIRuoPZUDno3x2pixnrGa9CA3Uv
mZnhF+3NE8yYLU79QfEL9vVOnWgweKvI7pb5Ywal6RHNFvpwhohBVBa8bralrA7k
tCXtM6ZfPSCG8f10oz0nUWdgtSahX0SaWIxCkOcX1/LOHYDRaKeJhTEo0XRcvPIB
IaY5b6RH8Dl6TJ9RXrgH8/gmbbaXLQOFKwkgGCtyfZU14qxEIn8ADSYXAMWukL3b
gI/Po3KNrjOEIjvhFCdbulNWR8JzuuI061areUZa+3+iZNJxfbXnFBOiX4sMWSIe
ciga89z4DqpR7E2OBok/FdHTWQqSzODAyVMaORpJaG8QbF40RAgPPL/FlaYgLQEo
/HRZPHQN
=AxG+
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
