Your message dated Fri, 28 Apr 2017 21:32:08 +0000
with message-id <e1d4dum-000bo9...@fasolo.debian.org>
and subject line Bug#860866: fixed in activemq 5.6.0+dfsg1-4+deb8u3
has caused the Debian Bug report #860866,
regarding activemq: CVE-2015-7559: DoS in client via shutdown command
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860866: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860866
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: activemq
Version: 5.6.0+dfsg1-4
Severity: important
Tags: upstream patch security
Forwarded: https://issues.apache.org/jira/browse/AMQ-6470

Hi,

the following vulnerability was published for activemq.

CVE-2015-7559[0]:
DoS in client via shutdown command

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-7559
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7559
[1] https://issues.apache.org/jira/browse/AMQ-6470
[2] https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e

I'm not too familiar with activemq, but from code inspection only the
class (although on different path in the source) is present back as
well in the version in jessie.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: activemq
Source-Version: 5.6.0+dfsg1-4+deb8u3

We believe that the bug you reported is fixed in the latest version of
activemq, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated activemq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 25 Apr 2017 21:01:20 +0200
Source: activemq
Binary: libactivemq-java libactivemq-java-doc activemq
Architecture: source all
Version: 5.6.0+dfsg1-4+deb8u3
Distribution: jessie
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 activemq   - Java message broker - server
 libactivemq-java - Java message broker core libraries
 libactivemq-java-doc - Java message broker core libraries - documentation
Closes: 860866
Changes:
 activemq (5.6.0+dfsg1-4+deb8u3) jessie; urgency=medium
 .
   * Team upload.
   * Fix CVE-2015-7559:
     DoS in activemq-core via shutdown command. (Closes: #860866)
Checksums-Sha1:
 e602f59f41fd0e3d6601a4470a8f9f54a50c84de 3543 activemq_5.6.0+dfsg1-4+deb8u3.dsc
 b9965cf7e7d5066afceb7b7f1327a040710b60d3 22832 
activemq_5.6.0+dfsg1-4+deb8u3.debian.tar.xz
 a38c53ef9a62f38e206420cba32a26f69a909b38 3588612 
libactivemq-java_5.6.0+dfsg1-4+deb8u3_all.deb
 56f1656250033b1079cd3dac8af7b015269034f5 3500384 
libactivemq-java-doc_5.6.0+dfsg1-4+deb8u3_all.deb
 f36e6e2472e1d1c278ae922cda07d85e45b8bb63 49530 
activemq_5.6.0+dfsg1-4+deb8u3_all.deb
Checksums-Sha256:
 ade25083dbd340d06c8cce2ba102699570a5e813c8d6201e7377d34d6dee1883 3543 
activemq_5.6.0+dfsg1-4+deb8u3.dsc
 157f8da007d7abf96068db9fd0c346c522d178c64124dbef5b335d67f6bd5286 22832 
activemq_5.6.0+dfsg1-4+deb8u3.debian.tar.xz
 f4f75936a477a0c008f3426b8941320973f80c655cde9d57f74529c4f8a4f9dc 3588612 
libactivemq-java_5.6.0+dfsg1-4+deb8u3_all.deb
 a7ebc3d28e58d47abfb5961f16116f5dc028c124c2ed4f1225ba52e84ded2eb2 3500384 
libactivemq-java-doc_5.6.0+dfsg1-4+deb8u3_all.deb
 fae6a78ab06fa5c5e9870360f5e625588a9dbe6339e4125abee85d969400b0f3 49530 
activemq_5.6.0+dfsg1-4+deb8u3_all.deb
Files:
 33eeff00b4dd095b3eed954eb59753ea 3543 java optional 
activemq_5.6.0+dfsg1-4+deb8u3.dsc
 adb79aaa6b842c434c7366825da34bd9 22832 java optional 
activemq_5.6.0+dfsg1-4+deb8u3.debian.tar.xz
 7347aa1c985332bbc31e1df8844a7161 3588612 java optional 
libactivemq-java_5.6.0+dfsg1-4+deb8u3_all.deb
 2fd27305135c9d2496395ca6f901affe 3500384 doc optional 
libactivemq-java-doc_5.6.0+dfsg1-4+deb8u3_all.deb
 969707bbcd38ce1b6758c97a3f23bab4 49530 java optional 
activemq_5.6.0+dfsg1-4+deb8u3_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlkDARtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkW6gP/juDnXeJEjIHvr6gH2NJOVzc6WvDb4xHyOXD
16xudsdCZZPXtSZObxJuF/HRmp1+Lv0DmfLpYYoEsabRTp6bF8HZWvPKDEMR4/0y
mAFn2CQYH80bY22OfUWrS94fACFsfqR4NKkFI/atArZE+2bwrfF+WSf2hUZeQE4b
LuTzPiZH+rNt2yPnpIgvxGgKOEfWxViqWprw5JgGfHZDLyTVK67E2MoEkxeldLqX
YTslSC6G44GrggL3jgVG2AjQef/+Vfml2QeFkk24GnfxbkveUFksHmN1eVCay5FP
c5nASi/++4/rN/Ev9zg47+I0RgZ695YZHyYuYdU8G/Lk+fGXhyRlOSA4TrPGpets
0cUGl0wzjcEajLDALpMV0lr1QXdw2gGlyyoX/jWCCNClZ4KDlc0cndq92qJwzdcO
AHyTC0FLSR1bKcMO0qK9uZ7gKMtr4WRWhXUP+tu7bvcqZWKggjBS+zuq8MUDDade
rCSorh/gR82VCfzKdV4D2qfdI1lrynmINUlh3NwhFoHzj7FNphZMn0pe63xgIdAz
pZsnkyHQZvuT5ciln4IevAX42ukytYkLK4IuyQxho+KN7wXJ/xKrvyxNwJwzFUIn
1FZsefdKbAYklnJwUl6JQ05tyWvtLbQegXv5uGCYNI5LwmGtkyD4R5GK3N9KIPBi
t/24fjEz
=toD2
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to