• Bug#1104933: marked as done (activemq: CVE-2025-27533) (2/2)

    From Debian Bug Tracking System@1:229/2 to All on Mon Jun 2 18:10:01 2025
    [continued from previous message]

    From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
    Reply-To: Emmanuel Arias <eamanu@debian.org>
    To: 1104933-close@bugs.debian.org
    X-DAK: dak process-upload
    X-Debian: DAK
    X-Debian-Package: activemq
    Debian: DAK
    Debian-Changes: activemq_5.17.6+dfsg-2_source.changes
    Debian-Source: activemq
    Debian-Version: 5.17.6+dfsg-2
    Debian-Architecture: source
    Debian-Suite: unstable
    Debian-Archive-Action: accept
    MIME-Version: 1.0
    Subject: Bug#1104933: fixed in activemq 5.17.6+dfsg-2
    Content-Type: multipart/signed; micalg="pgp-sha256";
    protocol="application/pgp-signature";
    boundary="===============5137977219351935076=="
    Message-Id: <E1uM7ej-009VmX-IW@fasolo.debian.org>
    Date: Mon, 02 Jun 2025 16:04:57 +0000

    --===============5137977219351935076==
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable

    Source: activemq
    Source-Version: 5.17.6+dfsg-2
    Done: Emmanuel Arias <eamanu@debian.org>

    We believe that the bug you reported is fixed in the latest version of activemq, which is due to be installed in the Debian FTP archive.

    A summary of the changes between this version and the previous one is
    attached.

    Thank you for reporting the bug, which will now be closed. If you
    have further comments please address them to 1104933@bugs.debian.org,
    and the maintainer will reopen the bug report if appropriate.

    Debian distribution maintenance software
    pp.
    Emmanuel Arias <eamanu@debian.org> (supplier of updated activemq package)

    (This message was generated automatically at their request; if you
    believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Thu, 29 May 2025 16:29:53 -0300
    Source: activemq
    Architecture: source
    Version: 5.17.6+dfsg-2
    Distribution: unstable
    Urgency: medium
    Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
    Changed-By: Emmanuel Arias <eamanu@debian.org>
    Closes: 1104933
    Changes:
    activemq (5.17.6+dfsg-2) unstable; urgency=medium
    .
    [ Pierre Gruet ]
    * Removing the patch about missing Maven artifact as libxstream-java now
    properly declares the classpath of its jar
    .
    [Emmanuel Arias]
    * CVE-2025-27533: Avoid memory allocation with excessive size value during
    unmarshalling of OpenWire commands. The size value of buffers was not
    properly validated which could lead to excessive memory allocation
    and be exploited to cause a denial of service (Closes: #1104933).
    - d/control: Add libjavassist-java as build dependency. It is needed for
    the patch.
    * d/control: Add myself as uploaders.

    --===============5137977219351935076==--
