Your message dated Fri, 21 Apr 2017 15:48:52 +0000
with message-id <e1d1ank-000apc...@fasolo.debian.org>
and subject line Bug#860866: fixed in activemq 5.14.3-3
has caused the Debian Bug report #860866,
regarding activemq: CVE-2015-7559: DoS in client via shutdown command
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860866: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860866
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: activemq
Version: 5.6.0+dfsg1-4
Severity: important
Tags: upstream patch security
Forwarded: https://issues.apache.org/jira/browse/AMQ-6470

Hi,

the following vulnerability was published for activemq.

CVE-2015-7559[0]:
DoS in client via shutdown command

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-7559
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7559
[1] https://issues.apache.org/jira/browse/AMQ-6470
[2] https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e

I'm not too familiar with activemq, but from code inspection only the
class (although on different path in the source) is present back as
well in the version in jessie.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: activemq
Source-Version: 5.14.3-3

We believe that the bug you reported is fixed in the latest version of
activemq, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated activemq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 21 Apr 2017 16:24:41 +0200
Source: activemq
Binary: libactivemq-java libactivemq-java-doc activemq
Architecture: source
Version: 5.14.3-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 activemq   - Java message broker - server
 libactivemq-java - Java message broker core libraries
 libactivemq-java-doc - Java message broker core libraries - documentation
Closes: 860866
Changes:
 activemq (5.14.3-3) unstable; urgency=medium
 .
   * Team upload.
   * Fix CVE-2017-7559.
     DoS in client via shutdown command.
     Thanks to Salvatore Bonaccorso for the report. (Closes: #860866)
Checksums-Sha1:
 2d550284bf5ec01dc797ce479a7ea79370470667 3646 activemq_5.14.3-3.dsc
 9f819702a3bc4f8f808f9fbe633fd3657eb2af44 15736 activemq_5.14.3-3.debian.tar.xz
 bd9eb3629c8c60850e9d812058c4839dccb1f7c9 17006 
activemq_5.14.3-3_amd64.buildinfo
Checksums-Sha256:
 c1e6390c2a5d2ae0a4ac348e9677ec356628aed7dc44b8eaa199312e5b910c12 3646 
activemq_5.14.3-3.dsc
 631f44d78e70a0b5aabc5f38ae0c8cde785918f44e62b8d8810ebc0d2e1533fb 15736 
activemq_5.14.3-3.debian.tar.xz
 35aabe3d2af941fa321a6dfa272800d72c2285ead2aa764bc98fd8c074e7cbac 17006 
activemq_5.14.3-3_amd64.buildinfo
Files:
 95ff553fa1e6b9cd7e5ac6c726b3ef31 3646 java optional activemq_5.14.3-3.dsc
 748746967306850ed23ad76d9cde3f49 15736 java optional 
activemq_5.14.3-3.debian.tar.xz
 994ef2581dd6d81f721af648b9ede305 17006 java optional 
activemq_5.14.3-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlj6I6pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkk6YP/1byh/G+XWDvkncQmxcR5CWFwYYh5yH+UWap
WI8Lf9TrgSD3wHXql/nRkWwMcgHcfIrYHL+GW8633w+Pk+x1E0qaD3AncKluGRxe
W3wEVH7E5HcACIJ4V4SRMPtyAjHJwDkDLdR1lAR2RBYfq1CP9/kxcymrFVL8CUDa
p/oz3kOLx8BuKjbp6e8ZsX8WJttp1XHfu5z1tNIFmkiYP4jqM2ntAwrR+nBoTmqX
CH1XeqXLWvVISwKM2Z4rklh40EGbe/aX0qUeyWjm380nrgXHn7sQF4FLk6QuVIxG
+yHQKZ5X0LbzbagaoV6jzYkGuydUQ6Mk9VQgTZAOopDuP9ROUWL3N4u+cUKWVz8Y
aF6qE9GxKc/wOxHfYS5QxE1CGn6GLn2OteURuBxvVoUMbG22sgaqwaQ3h1sgjdLq
+Ll8UyJlsjEvPn0NqhK4xuSsC5vsquwpKlUF8uqRqP83aHdoa7VBW9zJo3A73qlk
FaAfVi3s8OviHdTS9cbNc2RehKh0cCl9rHZUdvtrm08n2RPw31etWEjXUBtu49EB
UsX1PkCvKQoRfKhfATPhwYGem8/TyaSFfgUH9OTI2danOaG8z8S422m1UaKM4W6n
qdnI5Y0/6XHUfTSHwqEO4w8PUQ08kHYwjDmizJAxiqBL4Np8jS0vJEQpk2sCHc62
bx4so1Up
=9p9J
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to