[Secure-testing-team] Bug#860866: activemq: CVE-2015-7559: DoS in client via shutdown command
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 21 06:24:01 UTC 2017
Source: activemq
Version: 5.6.0+dfsg1-4
Severity: important
Tags: upstream patch security
Forwarded: https://issues.apache.org/jira/browse/AMQ-6470
Hi,
the following vulnerability was published for activemq.
CVE-2015-7559[0]:
DoS in client via shutdown command
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-7559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7559
[1] https://issues.apache.org/jira/browse/AMQ-6470
[2] https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e
I'm not too familiar with activemq, but from code inspection only the
class (although on different path in the source) is present back as
well in the version in jessie.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list