[activemq] 01/01: Fixed CVE-2014-3576 (Closes: #792857)

Emmanuel Bourg ebourg-guest at moszumanska.debian.org
Mon Aug 3 19:50:25 UTC 2015


This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch jessie
in repository activemq.

commit fbdc5543e901efa272f8282e73e09933e9897ee6
Author: Emmanuel Bourg <ebourg at apache.org>
Date:   Mon Aug 3 21:31:23 2015 +0200

    Fixed CVE-2014-3576 (Closes: #792857)
---
 debian/changelog                   |  8 ++++++++
 debian/patches/CVE-2014-3576.patch | 15 +++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 24 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 0e67193..997956b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+activemq (5.6.0+dfsg1-4+deb8u1) jessie-security; urgency=high
+
+  * Team upload.
+  * Fixed CVE-2014-3576: DoS via unauthenticated remote shutdown command
+    (Closes: #792857)
+
+ -- Emmanuel Bourg <ebourg at apache.org>  Mon, 03 Aug 2015 19:17:04 +0200
+
 activemq (5.6.0+dfsg1-4) unstable; urgency=high
 
   * Team upload.
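Review bot: the new entry for 5.6.0+dfsg1-4+deb8u1 names the CVE and its impact but not the change that fixes it. Naming debian/patches/CVE-2014-3576.patch, or stating that the "shutdown" handling in TransportConnection.processControlCommand was removed, would let someone reading only the changelog see what the security upload altered.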
diff --git a/debian/patches/CVE-2014-3576.patch b/debian/patches/CVE-2014-3576.patch
new file mode 100644
index 0000000..1082882
--- /dev/null
+++ b/debian/patches/CVE-2014-3576.patch
@@ -0,0 +1,15 @@
+Description: Fix for CVE-2014-3576: DoS via unauthenticated remote shutdown command 
+Origin: backport, https://github.com/apache/activemq/commit/00921f2
+--- a/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnection.java
++++ b/activemq-core/src/main/java/org/apache/activemq/broker/TransportConnection.java
+@@ -1408,10 +1408,6 @@
+     }
+ 
+     public Response processControlCommand(ControlCommand command) throws Exception {
+-        String control = command.getCommand();
+-        if (control != null && control.equals("shutdown")) {
+-            System.exit(0);
+-        }
+         return null;
+     }
+ 
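Review bot: in processControlCommand the `command` parameter is now unused and the method returns null for every ControlCommand, with nothing in the code saying this is deliberate. A one-line comment above `return null;` stating that control commands received from clients are intentionally ignored (CVE-2014-3576) would make it harder for the `System.exit(0)` branch to come back in a later merge. In the patch header, a `Bug-Debian: https://bugs.debian.org/792857` field would tie the file to the bug the changelog closes, and the `Description:` line carries trailing whitespace.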
diff --git a/debian/patches/series b/debian/patches/series
index 3ab28cb..febce4e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ exclude_mqtt.diff
 exclude_leveldb.diff
 CVE-2014-3600.patch
 CVE-2014-3612.patch
+CVE-2014-3576.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/activemq.git


