CVE-2011-4605: DoS

Related Vulnerabilities: CVE-2011-4605   CVE-2011-4905  

Debian Bug report logs - #655495
CVE-2011-4605: DoS


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 11 Jan 2012 17:39:01 UTC

Severity: grave

Tags: security

Fixed in version activemq/5.5.0+dfsg-5

Done: Damien Raude-Morvan <drazzib@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#655495; Package src:activemq. (Wed, 11 Jan 2012 17:39:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Wed, 11 Jan 2012 17:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-4605: DoS
Date: Wed, 11 Jan 2012 18:37:42 +0100
Source: activemq
Severity: grave
Tags: security

This is CVE-2011-4605

Please see here for details and patches:
http://openwall.com/lists/oss-security/2011/12/25/2

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#655495; Package src:activemq. (Sun, 15 Jan 2012 18:24:03 GMT)


Acknowledgement sent to "Damien Raude-Morvan" <drazzib@drazzib.com>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Sun, 15 Jan 2012 18:24:03 GMT)


Message #10 received at 655495@bugs.debian.org:

From: "Damien Raude-Morvan" <drazzib@drazzib.com>
To: Moritz Muehlenhoff <jmm@debian.org>, 655495@bugs.debian.org
Subject: Re: Bug#655495: CVE-2011-4605: DoS
Date: Sun, 15 Jan 2012 19:20:46 +0100

Hi Moritz,

On Wednesday 11 January 2012 18:37:42, Moritz Muehlenhoff wrote:
> This is CVE-2011-4605
> 
> Please see here for details and patches:
> http://openwall.com/lists/oss-security/2011/12/25/2

I was waiting for upstream to release a new 5.6.x release with this security
fix... but, AFAIK, this won't happen in a timely fashion so I'll push this fix
into unstable via patches.

Regards,
-- 
Damien




Reply sent to Damien Raude-Morvan <drazzib@debian.org>:
You have taken responsibility. (Sun, 15 Jan 2012 19:18:14 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 15 Jan 2012 19:18:14 GMT)


Message #15 received at 655495-close@bugs.debian.org:

From: Damien Raude-Morvan <drazzib@debian.org>
To: 655495-close@bugs.debian.org
Subject: Bug#655495: fixed in activemq 5.5.0+dfsg-5
Date: Sun, 15 Jan 2012 19:17:28 +0000
Source: activemq
Source-Version: 5.5.0+dfsg-5

We believe that the bug you reported is fixed in the latest version of
activemq, which is due to be installed in the Debian FTP archive:

activemq_5.5.0+dfsg-5.debian.tar.gz
  to main/a/activemq/activemq_5.5.0+dfsg-5.debian.tar.gz
activemq_5.5.0+dfsg-5.dsc
  to main/a/activemq/activemq_5.5.0+dfsg-5.dsc
activemq_5.5.0+dfsg-5_all.deb
  to main/a/activemq/activemq_5.5.0+dfsg-5_all.deb
libactivemq-java-doc_5.5.0+dfsg-5_all.deb
  to main/a/activemq/libactivemq-java-doc_5.5.0+dfsg-5_all.deb
libactivemq-java_5.5.0+dfsg-5_all.deb
  to main/a/activemq/libactivemq-java_5.5.0+dfsg-5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 655495@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damien Raude-Morvan <drazzib@debian.org> (supplier of updated activemq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 15 Jan 2012 19:38:21 +0100
Source: activemq
Binary: libactivemq-java libactivemq-java-doc activemq
Architecture: source all
Version: 5.5.0+dfsg-5
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Damien Raude-Morvan <drazzib@debian.org>
Description: 
 activemq   - Java message broker - server
 libactivemq-java - Java message broker core libraries
 libactivemq-java-doc - Java message broker core libraries - documentation
Closes: 655495
Changes: 
 activemq (5.5.0+dfsg-5) unstable; urgency=high
 .
   * Fix CVE-2011-4905 (potential Denial of Service) by backporting upstream
     patch on failover feature. (Closes: #655495).
   * Set urgency=high for security fix.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 15 Feb 2012 07:47:13 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:13:38 2019; Machine Name: buxtehude
