Bug#792857: marked as done (CVE-2014-3576)
Your message dated Mon, 10 Aug 2015 18:47:05 + with message-id e1zos6d-0007ir...@franck.debian.org and subject line Bug#792857: fixed in activemq 5.6.0+dfsg1-4+deb8u1 has caused the Debian Bug report #792857, regarding CVE-2014-3576 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 792857: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792857 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: activemq Severity: grave Tags: security https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3576 is scarce on details, but per the fixed upstream release probably affects oldstable and stable. Cheers, Moritz ---End Message--- ---BeginMessage--- Source: activemq Source-Version: 5.6.0+dfsg1-4+deb8u1 We believe that the bug you reported is fixed in the latest version of activemq, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 792...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bourg ebo...@apache.org (supplier of updated activemq package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 03 Aug 2015 19:17:04 +0200 Source: activemq Binary: libactivemq-java libactivemq-java-doc activemq Architecture: source all Version: 5.6.0+dfsg1-4+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org Changed-By: Emmanuel Bourg ebo...@apache.org Description: activemq - Java message broker - server libactivemq-java - Java message broker core libraries libactivemq-java-doc - Java message broker core libraries - documentation Closes: 792857 Changes: activemq (5.6.0+dfsg1-4+deb8u1) jessie-security; urgency=high . * Team upload. * Fixed CVE-2014-3576: DoS via unauthenticated remote shutdown command (Closes: #792857) Checksums-Sha1: f4a4038b1ce5fa63854b05571f9eee6105f7f2d8 3376 activemq_5.6.0+dfsg1-4+deb8u1.dsc 35c7110357af332d9ccc92a46e14e344927449df 1724296 activemq_5.6.0+dfsg1.orig.tar.xz d7dfc604909a0503460565cd7e11716e95ddffab 19980 activemq_5.6.0+dfsg1-4+deb8u1.debian.tar.xz 94a06c7f8f9ba4fdf1a874b18a6d3f2d244a20ce 3580006 libactivemq-java_5.6.0+dfsg1-4+deb8u1_all.deb e1ef8b77586e09678100d0bb85b791d6ede09260 3515692 libactivemq-java-doc_5.6.0+dfsg1-4+deb8u1_all.deb 120b1b98f861382a775fc68dfdbc0876d2f0d28e 49342 activemq_5.6.0+dfsg1-4+deb8u1_all.deb Checksums-Sha256: d373361bc06af51caaf78c98667d91413bf8d8d272eae4c361466c5a1d664020 3376 activemq_5.6.0+dfsg1-4+deb8u1.dsc a0f77bcabb133b7c467855e6d171147fb0909ae70572cac5a3ac2cc1eb8c32c5 1724296 activemq_5.6.0+dfsg1.orig.tar.xz 95937f9268ad69170686ef85aba938092eb9781137d78b6eea46acfeb03072b0 19980 activemq_5.6.0+dfsg1-4+deb8u1.debian.tar.xz 4f450ca2724115104c235b86775a86b4cbaaea06c4146413755166c8531ce7ee 3580006 libactivemq-java_5.6.0+dfsg1-4+deb8u1_all.deb ad60583d41fbc1397c13d47507c5757adb37371837e288566e7e1e4ff9ea8ceb 3515692 libactivemq-java-doc_5.6.0+dfsg1-4+deb8u1_all.deb 847aa3aac97efaf9e554a9c42c67e70906d0ae09593c3822d5726038190ae363 49342 activemq_5.6.0+dfsg1-4+deb8u1_all.deb Files: bb9b0214cfa492d1dec62d2dde0abc30 3376 java optional activemq_5.6.0+dfsg1-4+deb8u1.dsc e0322c974891a41dc8c73dacb3f032db 1724296 java optional activemq_5.6.0+dfsg1.orig.tar.xz e1e4a36949ccc8a3076c744eb3925a2a 19980 java optional activemq_5.6.0+dfsg1-4+deb8u1.debian.tar.xz 5035bdc318c76746bb7ab5208e2a0174 3580006 java optional libactivemq-java_5.6.0+dfsg1-4+deb8u1_all.deb 0f353f16feb33d187cb57a827488965a 3515692 doc optional libactivemq-java-doc_5.6.0+dfsg1-4+deb8u1_all.deb dfcbf2fccca42002d2a22e1643d16c84 49342 java optional activemq_5.6.0+dfsg1-4+deb8u1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVwGFmAAoJEPUTxBnkudCsWvMP/iR1CW3LyWTa+k4RfoT532+9 4jj31O2YOky7mxSZhkvMT4j8FlJUjqqfDIqtSYVqZqOR18aslLc4lXwExyBpyYMg 2orAGlyJQzFhkeZZ9BEFiE5QrLIY6TqcqhftHgj2Lch9+rSHnul4SemLzXfPfw57 mM6d+vhiDHYLAhrcf4/JvORfQW0K4jdwl1vRWtxF+D9Lkk4IoBgVg8FI0opE7Xu9 JmGnr3aTlWn5XznN5tGVrrmGTkyCr7rBsDQQTb2qOM0TIdPWshKN96R04VN23PLg 5FQjxu/AdkecgeYfFoKT0GrgT4GXoqAxfaZc0L6DVfloo5rg6IrUdcS8L2aTW2pv
Bug#792857: marked as done (CVE-2014-3576)
Your message dated Mon, 10 Aug 2015 18:51:38 + with message-id e1zosac-0008ey...@franck.debian.org and subject line Bug#792857: fixed in activemq 5.6.0+dfsg-1+deb7u1 has caused the Debian Bug report #792857, regarding CVE-2014-3576 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 792857: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792857 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: activemq Severity: grave Tags: security https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3576 is scarce on details, but per the fixed upstream release probably affects oldstable and stable. Cheers, Moritz ---End Message--- ---BeginMessage--- Source: activemq Source-Version: 5.6.0+dfsg-1+deb7u1 We believe that the bug you reported is fixed in the latest version of activemq, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 792...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bourg ebo...@apache.org (supplier of updated activemq package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Fri, 07 Aug 2015 22:16:39 +0200 Source: activemq Binary: libactivemq-java libactivemq-java-doc activemq Architecture: source all Version: 5.6.0+dfsg-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian Java Maintainers pkg-java-maintainers@lists.alioth.debian.org Changed-By: Emmanuel Bourg ebo...@apache.org Description: activemq - Java message broker - server libactivemq-java - Java message broker core libraries libactivemq-java-doc - Java message broker core libraries - documentation Closes: 769887 777196 792857 Changes: activemq (5.6.0+dfsg-1+deb7u1) wheezy-security; urgency=high . * Team upload. * Fixed security issues (Closes: #777196, #792857) - CVE-2014-3612: JAAS LDAPLoginModule allows empty password authentication - CVE-2014-3600: XML External Entity expansion when evaluating XPath expressions - CVE-2014-3576: DoS via unauthenticated remote shutdown command - Disable JMX by default (Closes: #769887) Checksums-Sha1: 3774e5093cc7f227364dabd3d64f102dfed034d4 3353 activemq_5.6.0+dfsg-1+deb7u1.dsc 9dbc1e3b7d01cc54002401c753c9c9502512c6ac 3187408 activemq_5.6.0+dfsg.orig.tar.gz d6dcaf964db30d725948ca104d33d4db963f42b8 22896 activemq_5.6.0+dfsg-1+deb7u1.debian.tar.gz 4f446059f16da15383d6d90b0aebf6b040d957e5 3975514 libactivemq-java_5.6.0+dfsg-1+deb7u1_all.deb 67de6a9bbd13624cac67e82a357be12f4da0bede 9039896 libactivemq-java-doc_5.6.0+dfsg-1+deb7u1_all.deb ef689bb604e73f4bc00f9b83b3937d07a25bc42b 52592 activemq_5.6.0+dfsg-1+deb7u1_all.deb Checksums-Sha256: 6ae1960cc1d8b0c6e2f23aa7049b1e05eb86175f6dcd0847a156eb8c7b06df17 3353 activemq_5.6.0+dfsg-1+deb7u1.dsc f6589dae9e2cff7efe144c5bda99f18c1fc2f220b121a3ac9ef92174cb0899a3 3187408 activemq_5.6.0+dfsg.orig.tar.gz 3882dae19f7fe96bec13a7e379696d495e702ddf21c00b219a44508b7d374a4e 22896 activemq_5.6.0+dfsg-1+deb7u1.debian.tar.gz 678c7ca0c2fa4151f2b6f4899ec5307f94b3f1f1e2eeb77c2fb4f4caece53a85 3975514 libactivemq-java_5.6.0+dfsg-1+deb7u1_all.deb 46336dc90a11caf4c54608dbbf67f29d16a41f8cdd7044362e417c32aa028019 9039896 libactivemq-java-doc_5.6.0+dfsg-1+deb7u1_all.deb c010d707744f0309336cf5b6218eac98a7d11dc931e5325786505d63448b39fd 52592 activemq_5.6.0+dfsg-1+deb7u1_all.deb Files: abc540a4988e1d50602e279b22608f4e 3353 java optional activemq_5.6.0+dfsg-1+deb7u1.dsc 54227cd13c5f73e8ec7e62a0d13d3763 3187408 java optional activemq_5.6.0+dfsg.orig.tar.gz 85cc41a99e7bffec1414627fa93f939c 22896 java optional activemq_5.6.0+dfsg-1+deb7u1.debian.tar.gz 72fa0c44ce67f3ef4780aa1aceca612b 3975514 java optional libactivemq-java_5.6.0+dfsg-1+deb7u1_all.deb fe4cd7ccdc05ecc646cd0b3790f924ff 9039896 doc optional libactivemq-java-doc_5.6.0+dfsg-1+deb7u1_all.deb 269bacd1e23a7f9e3a175bf94e21ca0c 52592 java optional activemq_5.6.0+dfsg-1+deb7u1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJVxRfuAAoJEPUTxBnkudCsVUgP/3WqDVd7jcfLmSOQaCFeghV0 sWpq3Lsa3vhl9zZZ0xAHAFsNpWjzR4dJl7j6PMt6sKlsVA4w+8WK97QYuout/pjQ