activemq - Debian Package Tracker

general

source: activemq (main)
version: 5.17.6+dfsg-2
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Damien Raude-Morvan [DMD] – Emmanuel Arias [DMD]
arch: all
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.15.8-2
o-o-sec: 5.15.16-0+deb10u1
oldstable: 5.16.1-1
old-sec: 5.16.1-1+deb11u1
stable: 5.17.2+dfsg-2+deb12u1
stable-sec: 5.17.2+dfsg-2+deb12u1
testing: 5.17.6+dfsg-2
unstable: 5.17.6+dfsg-2

versioned links

5.15.8-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.15.16-0+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.16.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.16.1-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.17.2+dfsg-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.17.6+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

activemq (3 bugs: 0, 3, 0, 0)
libactivemq-java

action needed

A new upstream version is available: 6.1.6 high

A new upstream version 6.1.6 is available, you should consider packaging it.

Created: 2022-11-30 Last update: 2025-06-13 00:30

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2025-27533: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

Created: 2025-05-07 Last update: 2025-06-08 07:00

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2025-27533: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

Created: 2025-05-07 Last update: 2025-06-08 07:00

lintian reports 1 error and 1 warning high

Lintian reports 1 error and 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2025-06-03 Last update: 2025-06-03 05:30

Depends on packages which need a new maintainer normal

The packages that activemq depends on which need a new maintainer are:

javacc-maven-plugin (#922602)
- Build-Depends: libjavacc-maven-plugin-java

Created: 2019-11-22 Last update: 2025-06-13 03:01

debian/patches: 4 patches to forward upstream low

Among the 7 debian patches available in version 5.17.6+dfsg-2 of the package, we noticed the following issues:

4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-06-03 07:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.1).

Created: 2022-12-17 Last update: 2025-06-03 00:33

news

[rss feed]

[2025-06-08] activemq 5.17.6+dfsg-2 MIGRATED to testing (Debian testing watch)
[2025-06-02] Accepted activemq 5.17.6+dfsg-2 (source) into unstable (Emmanuel Arias)
[2024-10-27] Accepted activemq 5.17.2+dfsg-2+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Santiago Ruano Rincón)
[2024-10-26] Accepted activemq 5.17.2+dfsg-2+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Santiago Ruano Rincón)
[2024-10-25] Accepted activemq 5.16.1-1+deb11u1 (source) into oldstable-security (Santiago Ruano Rincón)
[2023-11-24] activemq 5.17.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-11-20] Accepted activemq 5.15.16-0+deb10u1 (source) into oldoldstable (Markus Koschany)
[2023-11-19] Accepted activemq 5.17.6+dfsg-1 (source) into unstable (tony mancill)
[2023-02-23] activemq 5.17.2+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-02-12] Accepted activemq 5.17.2+dfsg-2 (source) into unstable (tony mancill)
[2022-10-31] activemq 5.17.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-10-24] Accepted activemq 5.17.2+dfsg-1 (source) into unstable (Pierre Gruet)
[2022-07-08] activemq 5.16.1-2 MIGRATED to testing (Debian testing watch)
[2022-07-01] Accepted activemq 5.16.1-2 (source) into unstable (Pierre Gruet)
[2021-09-24] activemq REMOVED from testing (Debian testing watch)
[2021-03-12] activemq 5.16.1-1 MIGRATED to testing (Debian testing watch)
[2021-03-05] Accepted activemq 5.14.3-3+deb9u2 (source) into oldstable (Abhijith PA)
[2021-03-02] Accepted activemq 5.16.1-1 (source) into unstable (Markus Koschany)
[2020-10-13] activemq 5.16.0-1 MIGRATED to testing (Debian testing watch)
[2020-10-13] activemq 5.16.0-1 MIGRATED to testing (Debian testing watch)
[2020-10-07] Accepted activemq 5.14.3-3+deb9u1 (source) into oldstable (Markus Koschany)
[2020-10-07] Accepted activemq 5.16.0-1 (source) into unstable (Markus Koschany)
[2020-01-07] activemq 5.15.11-1 MIGRATED to testing (Debian testing watch)
[2020-01-06] activemq REMOVED from testing (Debian testing watch)
[2019-11-29] activemq 5.15.11-1 MIGRATED to testing (Debian testing watch)
[2019-11-23] Accepted activemq 5.15.11-1 (source) into unstable (Markus Koschany)
[2019-09-04] activemq 5.15.10-1 MIGRATED to testing (Debian testing watch)
[2019-08-29] Accepted activemq 5.15.10-1 (source) into unstable (Markus Koschany)
[2019-08-09] activemq 5.15.9-1 MIGRATED to testing (Debian testing watch)
[2019-08-04] Accepted activemq 5.15.9-1 (source) into unstable (Markus Koschany)

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.17.6+dfsg-2
2 bugs