Your message dated Tue, 06 Mar 2018 21:19:44 +0000
with message-id <e1etjzs-000adc...@fasolo.debian.org>
and subject line Bug#890352: fixed in activemq 5.15.3-1
has caused the Debian Bug report #890352,
regarding activemq: CVE-2017-15709: information leak
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
890352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890352
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: activemq
Version: 5.14.3-3
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for activemq, filling the
bug based on the information available from [0] and [1].

CVE-2017-15709[0]:
| When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2
| it was found that certain system details (such as the OS and kernel
| version) are exposed as plain text.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15709
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15709
[1] http://www.openwall.com/lists/oss-security/2018/02/13/4

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: activemq
Source-Version: 5.15.3-1

We believe that the bug you reported is fixed in the latest version of
activemq, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 890...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated activemq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 06 Mar 2018 20:26:39 +0100
Source: activemq
Binary: libactivemq-java libactivemq-java-doc activemq
Architecture: source
Version: 5.15.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 activemq   - Java message broker - server
 libactivemq-java - Java message broker core libraries
 libactivemq-java-doc - Java message broker core libraries - documentation
Closes: 890352 891114
Changes:
 activemq (5.15.3-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 5.15.3.
     - Fix CVE-2017-15709: Information Leak
       When using the OpenWire protocol it was found that certain system details
       (such as the OS and kernel version) are exposed as plain text. Thanks to
       Salvatore Bonaccorso for the report. (Closes: 890352)
   * Remove libjosql-java-doc from B-D because it is gone.
     Thanks to Andreas Beckmann for the report. (Closes: #891114)
   * Use compat level 11.
   * Declare compliance with Debian Policy 4.1.3.
   * Install NOTICE file.
Checksums-Sha1:
 d250b96f371ad2354e82fd3dbb15807577ba0b41 3757 activemq_5.15.3-1.dsc
 e13950554067ec47c49fa09ebf2683cb5c76008c 2656956 activemq_5.15.3.orig.tar.xz
 0b85e11c0340e423f21d8fc7ad4c6fa77f4d2711 15352 activemq_5.15.3-1.debian.tar.xz
 457610c3b5bd074f03b3620bbaba64280c8fb78a 18730 
activemq_5.15.3-1_amd64.buildinfo
Checksums-Sha256:
 bc32fe02f1059c3f23d8d50c10356af6e867dfa94bc80974359b3cc461b2b215 3757 
activemq_5.15.3-1.dsc
 c61943b3be7a12e9fa75e1bac9756348dfabb39d1c40053e455df804f564ba47 2656956 
activemq_5.15.3.orig.tar.xz
 9b3f8ade5e8b527f0696ec4d61241e392d975c529593cdd54c678bceee4cf873 15352 
activemq_5.15.3-1.debian.tar.xz
 7a7892e19c8899d28c9b8352a72f4e5112fc0427b00f492e77899f27bb7d30f7 18730 
activemq_5.15.3-1_amd64.buildinfo
Files:
 f0e0d9e15376a6200a24350b23ba5fbc 3757 java optional activemq_5.15.3-1.dsc
 7d701971495dc68cfe5339d629c8636d 2656956 java optional 
activemq_5.15.3.orig.tar.xz
 14004db17bcbc1daab8f27cab0534b39 15352 java optional 
activemq_5.15.3-1.debian.tar.xz
 6e80aae2b79b0549f947b6787e99050b 18730 java optional 
activemq_5.15.3-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqe8z9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkWEgQAKnGa8w6TzGsRwIN0uHd+jSmICke9TmSmMLM
hVYpzq5l3LHCXov226Qb97ElrjKSO3TupXBo4gVx7AtChXU7EbDsqVNx43sGK8fY
qS4MtZ5UcKVHCcRCGzkVi2LPNjMJEtAQYz3s1kvIVhKs0/u6/3vM9qzf3pHPSRId
R4qEM1LhkqTZAFuIo58Y86+cccS18oSWbVIXDOV/ONVDrFvFczNYFwYIgN39x24q
E47LLxJAS3NQRQv+K2rCNo8VC3NvTqxd5De9eflzM9NGG3JmLMuNJ4zTfFR0It4y
R7YlgR8rM9FMNVCr2Pdc7fRT9GoxijtrbgtjAdh+F2lt8wXvjOLAfAixrSzrpe05
z+mmI0tY9z6CCybzAzLg+N2Kys7y2mGxcch1p3JpiAotZT8IyFjm4uGoyfNnO/5P
2kjH15FTbX7gHGFq/vWZxprnYq6PmA0bCLCharEHXNia8D35+mQsqGUsIcY0FcCJ
OGIYqUUxgPxkW8dtgpSCPmR/Lg0dqansEotg8pJc1nACImqmgVu1/Tdh+z+WQVYz
bvRIMdhABpBaljb5XnwAqBCd3iheHeKA74wAxFBx09u+nCUEeQYzTF7kN73teOqX
gdTtTPBbLAguqpHEuPfXFiUh8m2KdJdiy70wCgTRWJWYyb6MBCbZSovvA8Qx4zS6
qzMJGZKP
=t8T3
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to