[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted activemq 5.16.1-1+deb11u2 (source) into oldstable-security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 Jun 2025 07:36:16 -0300
Source: activemq
Architecture: source
Version: 5.16.1-1+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Arias <eamanu@debian.org>
Closes: 1104933
Changes:
 activemq (5.16.1-1+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2025-27533: Avoid memory allocation with excessive size value during
     unmarshalling of OpenWire commands. The size value of buffers was not
     properly validated which could lead to excessive memory allocation
     and be exploited to cause a denial of service (Closes: #1104933).
     - d/control: Add libjavassist-java as build dependency. It is needed for
     the patch.
Checksums-Sha1:
 41c91a084393849de441981478ec8a238c00d372 3517 activemq_5.16.1-1+deb11u2.dsc
 7e3a8b90dda1676c4d85979aedc2a1d33d0ead3a 30012 activemq_5.16.1-1+deb11u2.debian.tar.xz
 737f5995ae1200a48aeb092d9e6da28c639dc5d6 16871 activemq_5.16.1-1+deb11u2_amd64.buildinfo
Checksums-Sha256:
 feede72ca59c998ff23cc6b989fc222e2885ac253e31a3a6aebcdc81f74a3ffa 3517 activemq_5.16.1-1+deb11u2.dsc
 b22d6d4c2ba3bb3c7dd2057baef7fdea661d15fd423449a5e8cb6961d762316f 30012 activemq_5.16.1-1+deb11u2.debian.tar.xz
 2efd2d981dea938baa5be179c7e456d2aec91130e86c2908273c90574c76a69e 16871 activemq_5.16.1-1+deb11u2_amd64.buildinfo
Files:
 879ebec81c595d424af2294d4f37e59e 3517 java optional activemq_5.16.1-1+deb11u2.dsc
 10eac39b4151428885d44ce9e15dc475 30012 java optional activemq_5.16.1-1+deb11u2.debian.tar.xz
 8c0e354dac2525748041cb5c2ee2708a 16871 java optional activemq_5.16.1-1+deb11u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEE3lnVbvHK7ir4q61+p3sXeEcY/EFAmhT8zwSHGVhbWFudUBk
ZWJpYW4ub3JnAAoJEPqd7F3hHGPx28wQAIJN1nK0HpXfzObvicEbIEYBxIJvLTcc
Obz9dta0Xo3e6xWhjoKg9SLYSHOFikkc4PZq6azeZBdRYsUJepbgy4yhVzhncKpX
xOXXjo/zNIHpnqZ+TSuemGaL31CDw4tnOTklkqwnDn8Vf703tCEeKdAASz8i+bib
NcM//VJJ5glrxuSEbbJzIHkeOf4ApBGDFa13LSJV6v28xniZd5guEoQOVKLjJaku
tSYVYV+ipMiKQcwu74vqMB5nXBpo7x56XO+O25RJ8SqMjbRD7AU8WpVWk4SWhdEZ
Kvp95zZnEYpwnIGZrJaUdT5bnlbSzngO/EH32A8eBt9w7Lc5l4ShYPXeSNj328cz
PuTNkRZM9rFhpFmqfMYnok4MYWOClaebJkPDnZyqJt1dyrBUasoQRvF5/OCmucPo
A/+ORv18WcMFGLCbI6NXleGQdIhlrDz1gpeSdP+5RrAolW8BVT74Kxd1KDwGBey3
HF+4giWGrfBSgf+2S4sCn8p98+P8QlUQOh/xq7wZrkkW2QQA4xmHwCPHbA+jODMl
9Si6qvXdq9BXdIGz2EWIfTtRPGahHJ+4Q4vGNy44eU2SxS9/vQGat3N+rqInPoKo
lU5MaYCm1izDI+RLkr2mWXVTXVYWB/w+0aC83cb5h+nX6bEYz4lGG9KelZCgQdIY
7cgQlC7zPvVB
=Uhaz
-----END PGP SIGNATURE-----

Attachment: pgpSuEgbJ6InN.pgp
Description: PGP signature

Reply to: