[Git][java-team/activemq][bullseye] Non-maintainer upload by the LTS Security Team.
Emmanuel Arias (@eamanu)
gitlab at salsa.debian.org
Fri Jun 13 11:40:37 BST 2025
Emmanuel Arias pushed to branch bullseye at Debian Java Maintainers / activemq
Commits:
712ee7ba by Emmanuel Arias at 2025-06-13T07:40:26-03:00
Non-maintainer upload by the LTS Security Team.
* Non-maintainer upload by the LTS Security Team.
* CVE-2025-27533: Avoid memory allocation with excessive size value during
unmarshalling of OpenWire commands. The size value of buffers was not
properly validated which could lead to excessive memory allocation
and be exploited to cause a denial of service (Closes: #1104933).
- d/control: Add libjavassist-java as build dependency. It is needed for
the patch.
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/CVE-2025-27533.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,13 @@
+activemq (5.16.1-1+deb11u2) bullseye-security; urgency=high
+
+ * Non-maintainer upload by the LTS Security Team.
+ * CVE-2025-27533: Avoid memory allocation with excessive size value during
+ unmarshalling of OpenWire commands. The size value of buffers was not
+ properly validated which could lead to excessive memory allocation
+ and be exploited to cause a denial of service (Closes: #1104933).
+
+ -- Emmanuel Arias <eamanu at debian.org> Fri, 13 Jun 2025 07:36:16 -0300
+
activemq (5.16.1-1+deb11u1) bullseye-security; urgency=medium
* Non-maintainer upload by the LTS Team.
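Review bot: The new 5.16.1-1+deb11u2 entry is missing the d/control item that the commit message lists ("d/control: Add libjavassist-java as build dependency"), and debian/control is not among the three changed files. If the patch needs libjavassist-java to build, add it to Build-Depends in debian/control in this upload and record it in this changelog entry. If the dependency is already declared, drop the line from the commit message so the two agree.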
=====================================
debian/patches/CVE-2025-27533.patch
=====================================
The diff for this file was not included because it is too large.
=====================================
debian/patches/series
=====================================
@@ -7,3 +7,4 @@ maven-xbean-plugin.patch
enable-activemq-jdbc-store-module.patch
0001-AMQ-9370-Openwire-marshaller-should-validate-Throwab.patch
0001-AMQ-9201-Update-Jolokia-default-access-configuration.patch
+CVE-2025-27533.patch
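Review bot: CVE-2025-27533.patch is appended after 0001-AMQ-9370-Openwire-marshaller-should-validate-Throwab.patch, which by its name also changes the OpenWire marshalling code, so the new patch has to apply on top of that one. Confirm that the whole series applies cleanly in this order. The patch body is not shown in this notification ("too large"), so the size validation itself has to be reviewed in the GitLab commit view.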
View it on GitLab: https://salsa.debian.org/java-team/activemq/-/commit/712ee7ba137cb253d447da1aaf3d959d0149a914
More information about the pkg-java-commits
mailing list