activemq (5.6.0+dfsg-1+deb7u2) wheezy-security; urgency=high * Team upload. * Fix CVE-2015-5254: Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. -- Markus Koschany Fri, 18 Mar 2016 22:47:35 +0100 activemq (5.6.0+dfsg-1+deb7u1) wheezy-security; urgency=high * Team upload. * Fixed security issues (Closes: #777196, #792857) - CVE-2014-3612: JAAS LDAPLoginModule allows empty password authentication - CVE-2014-3600: XML External Entity expansion when evaluating XPath expressions - CVE-2014-3576: DoS via unauthenticated remote shutdown command - Disable JMX by default (Closes: #769887) -- Emmanuel Bourg Fri, 07 Aug 2015 22:16:39 +0200 activemq (5.6.0+dfsg-1) unstable; urgency=low * New upstream release: - Refresh all patches. - Drop d/patches/CVE-2011-4605.diff: merged upstream. - d/patches/exclude_mqtt.diff: Disable MQTT transport. - d/patches/exclude_leveldb.diff: Disable LevelDB Store. * d/maven.rules: Upgrade internal components version. * Build-Depends on libxstream-java (>= 1.4). -- Damien Raude-Morvan Fri, 25 May 2012 00:47:55 +0200 activemq (5.5.0+dfsg-7) unstable; urgency=low [ Ulrich Dangel ] * Install the activemq-{core,console,run} and kahadb jar files to /usr/share/java. (Closes: #668943) - Add the necessary --java-lib flag to d/libactivemq-java.poms [ Damien Raude-Morvan ] * Thanks to Ulrich Dangel for RC bugfix, upload to unstable. -- Damien Raude-Morvan Tue, 01 May 2012 14:38:27 +0200 activemq (5.5.0+dfsg-6) unstable; urgency=low * d/patches/activemq-admin.patch: Fix activemq-admin "unexpected operator" (Closes: #662698). Thanks to Mathieu Mitchell. * Bump Standards-Version to 3.9.3: no changes needed. -- Damien Raude-Morvan Sun, 01 Apr 2012 20:26:10 +0200 activemq (5.5.0+dfsg-5) unstable; urgency=high * Fix CVE-2011-4905 (potential Denial of Service) by backporting upstream patch on failover feature. (Closes: #655495). * Set urgency=high for security fix. -- Damien Raude-Morvan Sun, 15 Jan 2012 19:38:21 +0100 activemq (5.5.0+dfsg-4) unstable; urgency=low * d/activemq.init: Merge change proposed by Jonas Genannt to allow console startup, useful for debugging purposes. (Closes: #645241). -- Damien Raude-Morvan Wed, 26 Oct 2011 21:13:20 +0200 activemq (5.5.0+dfsg-3) unstable; urgency=low * d/control: Wrap-and-sort Build-Depends. * d/activemq.links: Since libasm3-java package now provide splited JAR also link all ASM3 jars (Closes: #644834). * d/maven.rules: - Don't replace osgi artifacts since they are now provided by official osgi-core package. - Force 2.1.1 version of maven-war-plugin. -- Damien Raude-Morvan Tue, 11 Oct 2011 23:11:16 +0200 activemq (5.5.0+dfsg-2) unstable; urgency=low * Drop d/patches/exclude_xsd_install.diff and install XSD files into JAR. * Build-Depends on libxbean-java 3.7 for maven-xbean-plugin. * Add new "activemq" package to start ActiveMQ server: - d/activemq.{postinst,prerm}: Create a activemq system user - d/activemq.{install,links}: Install activemq and activemq-admin commands to /usr/bin/, set /usr/share/activemq/ as ACTIVEMQ_HOME and install many examples into /usr/share/doc/activemq/examples/. - d/activemq.README.Debian: Describe how to setup an alternative instance (Closes: #634868). - Provide a way to handle multi-instances of activemq. Each directory inside /etc/activemq/instances-enabled/ will be started as an instance with its own configuration. Thanks to Jonas Genannt for patch. * d/patches/javadoc_links.diff: Update links to system-wide Javadoc. * d/libactivemq-java.README.Debian: Describe disabled features regarding upstream package. * d/control: Don't use package name in synospis. -- Damien Raude-Morvan Sun, 04 Sep 2011 18:50:59 +0200 activemq (5.5.0+dfsg-1) unstable; urgency=low * Initial release (Closes: #627778). -- Damien Raude-Morvan Tue, 21 Jun 2011 00:32:12 +0200