[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted activemq 5.14.3-3+deb9u1 (source) into oldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 Oct 2020 21:48:36 +0200
Source: activemq
Binary: libactivemq-java libactivemq-java-doc activemq
Architecture: source
Version: 5.14.3-3+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 activemq   - Java message broker - server
 libactivemq-java - Java message broker core libraries
 libactivemq-java-doc - Java message broker core libraries - documentation
Changes:
 activemq (5.14.3-3+deb9u1) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2020-13920:
     Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI
     registry and binds the server to the "jmxrmi" entry. It is possible to
     connect to the registry without authentication and call the rebind method
     to rebind jmxrmi to something else. If an attacker creates another server
     to proxy the original, and bound that, he effectively becomes a man in the
     middle and is able to intercept the credentials when an user connects.
Checksums-Sha1:
 9a53bc141531d99fddfd278ed9e006da0be9ff6a 3674 activemq_5.14.3-3+deb9u1.dsc
 f4c081187cf4059ad2bbd593e865aa7e30998ec8 2639536 activemq_5.14.3.orig.tar.xz
 6eed9a4cc296264bb0bab4ab9c3e37d726730f1f 17484 activemq_5.14.3-3+deb9u1.debian.tar.xz
 764db7f25684e67beb64eb0de97b4446e95c8b15 18050 activemq_5.14.3-3+deb9u1_amd64.buildinfo
Checksums-Sha256:
 642e9df5ddeadf92312e88a4f2780c7a048355ee4e280a0551215a0d76597459 3674 activemq_5.14.3-3+deb9u1.dsc
 a3aaf6ddeeaee0f75427c182ae529298e1d0477bb25e8ab19dcad0e52fb992f2 2639536 activemq_5.14.3.orig.tar.xz
 91868479d50e742a5bed2d70e7ccbea9ef20666a23d4643165db3ba770b7c9d8 17484 activemq_5.14.3-3+deb9u1.debian.tar.xz
 7e7dabc51f3ec77f81f7d4415d349777718d426b5e1acf01ae85ab663ea19208 18050 activemq_5.14.3-3+deb9u1_amd64.buildinfo
Files:
 1417de21e87655396526ccf1b5636d44 3674 java optional activemq_5.14.3-3+deb9u1.dsc
 8587d456581c94a10c63c76946ff50bc 2639536 java optional activemq_5.14.3.orig.tar.xz
 f9cad61167257f73a1c2f6d511d186c9 17484 java optional activemq_5.14.3-3+deb9u1.debian.tar.xz
 eb5bb9a7fb90fc1504288f111c20ee62 18050 java optional activemq_5.14.3-3+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl9+NkRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk50oP+wcSeuJ3oLI+SpG//oBYHhL9DVPGpAbai9Ca
0piC0X46GUQzpflfoFOD5QkPJzf8ZH3xOLeQL2vaVku0Foq1sqj6e3Ia3GrEfIit
CReApvfgX1sqkYb74niqTIQTzhUrw8U5pT1sTojMWSjP/ZNzUN0r67N4uAOt+xpZ
cF0spr6no6m1+HOLcPsC/6tPXtLB7Im1JQnOkZloAIOlMGl1b93x26hhJqKsJb6w
HvKxH0e7+QZ6C2cIzkKF3xHVmWU6cQNKqPFsrlId0+Gq2FzMv0MkHgPHRJ+8l4/8
Iz3Fw3+fsnLrMDvmZGxe1C0lIGx6QH3G9qLp/SVPUCtOntEe67a9KxjS2B7eEWFG
yWH/y3LMX8qGhsCUCjPcpqkm35BhLFEGdGtqBK66JvuWJf4L+NMHD9ldxTXb2tUB
OICY06uiSTc4Mza5/rCW/tzYZhOL0FAQ2uWpIEzzPm2Ad3llhkpx4v9BkZGFTqvA
t69GcuZLwuxCCyI/B4S0gV9U0VOgv7J0kRZfA+EHbqZsWW8JfJwfoHo60c58k/F0
25eP2rqmyT3MESe8tzAxgOKeQuE9rQVo7WjYe2NSpUmu6D1iUGoQriE2NFaXbI6k
+tTGNYMFlfIgUGyEK9oRQOYU032QO/8hU1XN1NJrpGjYOSlUWwopfFyO5Nr12Pgh
KjJwQY4A
=raE/
-----END PGP SIGNATURE-----
Reply to: