activemq - Debian Package Tracker

general

source: activemq (main)
version: 5.17.6+dfsg-1
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Damien Raude-Morvan [DMD]
arch: all
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.15.8-2
o-o-sec: 5.15.16-0+deb10u1
oldstable: 5.16.1-1
old-sec: 5.16.1-1+deb11u1
stable: 5.17.2+dfsg-2+deb12u1
stable-sec: 5.17.2+dfsg-2+deb12u1
testing: 5.17.6+dfsg-1
unstable: 5.17.6+dfsg-1

versioned links

5.15.8-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.15.16-0+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.16.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.16.1-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.17.2+dfsg-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.17.6+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

activemq (3 bugs: 0, 3, 0, 0)
libactivemq-java

action needed

Marked for autoremoval on 21 June: #1104933 high

Version 5.17.6+dfsg-1 of activemq is marked for autoremoval from testing on Sat 21 Jun 2025. It is affected by #1104933. The removal of activemq will also cause the removal of (transitive) reverse dependency: uima-as. You should try to prevent the removal by fixing these RC bugs.

Created: 2025-05-15 Last update: 2025-05-19 07:04

A new upstream version is available: 6.1.6 high

A new upstream version 6.1.6 is available, you should consider packaging it.

Created: 2022-11-30 Last update: 2025-05-19 06:00

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-27533: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

Created: 2025-05-07 Last update: 2025-05-08 20:33

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-27533: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

Created: 2025-05-07 Last update: 2025-05-08 20:33

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2025-27533: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

Created: 2025-05-07 Last update: 2025-05-08 20:33

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2025-27533: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

Created: 2025-05-07 Last update: 2025-05-08 20:33

lintian reports 1 error and 1 warning high

Lintian reports 1 error and 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2023-02-13 Last update: 2024-07-30 22:31

Depends on packages which need a new maintainer normal

The packages that activemq depends on which need a new maintainer are:

javacc-maven-plugin (#922602)
- Build-Depends: libjavacc-maven-plugin-java

Created: 2019-11-22 Last update: 2025-05-19 07:04

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 5.17.6+dfsg-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 3d9d960aee89e6e61f118b1f639411bfa5617b48
Author: Pierre Gruet <pgt@debian.org>
Date:   Tue Oct 8 21:34:53 2024 +0200

    Updating changelog

commit d1beae05c8b044e8384dadefd59d64f4f55feb1b
Author: Pierre Gruet <pgt@debian.org>
Date:   Tue Oct 8 21:33:53 2024 +0200

    Removing the patch about missing Maven artifact as libxstream-java now properly declares the classpath of its jar

Created: 2024-10-10 Last update: 2025-05-18 16:27

debian/patches: 4 patches to forward upstream low

Among the 7 debian patches available in version 5.17.6+dfsg-1 of the package, we noticed the following issues:

4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-11-19 16:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.1).

Created: 2022-12-17 Last update: 2025-02-27 13:25

news

[rss feed]

[2024-10-27] Accepted activemq 5.17.2+dfsg-2+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Santiago Ruano Rincón)
[2024-10-26] Accepted activemq 5.17.2+dfsg-2+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Santiago Ruano Rincón)
[2024-10-25] Accepted activemq 5.16.1-1+deb11u1 (source) into oldstable-security (Santiago Ruano Rincón)
[2023-11-24] activemq 5.17.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-11-20] Accepted activemq 5.15.16-0+deb10u1 (source) into oldoldstable (Markus Koschany)
[2023-11-19] Accepted activemq 5.17.6+dfsg-1 (source) into unstable (tony mancill)
[2023-02-23] activemq 5.17.2+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-02-12] Accepted activemq 5.17.2+dfsg-2 (source) into unstable (tony mancill)
[2022-10-31] activemq 5.17.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-10-24] Accepted activemq 5.17.2+dfsg-1 (source) into unstable (Pierre Gruet)
[2022-07-08] activemq 5.16.1-2 MIGRATED to testing (Debian testing watch)
[2022-07-01] Accepted activemq 5.16.1-2 (source) into unstable (Pierre Gruet)
[2021-09-24] activemq REMOVED from testing (Debian testing watch)
[2021-03-12] activemq 5.16.1-1 MIGRATED to testing (Debian testing watch)
[2021-03-05] Accepted activemq 5.14.3-3+deb9u2 (source) into oldstable (Abhijith PA)
[2021-03-02] Accepted activemq 5.16.1-1 (source) into unstable (Markus Koschany)
[2020-10-13] activemq 5.16.0-1 MIGRATED to testing (Debian testing watch)
[2020-10-13] activemq 5.16.0-1 MIGRATED to testing (Debian testing watch)
[2020-10-07] Accepted activemq 5.14.3-3+deb9u1 (source) into oldstable (Markus Koschany)
[2020-10-07] Accepted activemq 5.16.0-1 (source) into unstable (Markus Koschany)
[2020-01-07] activemq 5.15.11-1 MIGRATED to testing (Debian testing watch)
[2020-01-06] activemq REMOVED from testing (Debian testing watch)
[2019-11-29] activemq 5.15.11-1 MIGRATED to testing (Debian testing watch)
[2019-11-23] Accepted activemq 5.15.11-1 (source) into unstable (Markus Koschany)
[2019-09-04] activemq 5.15.10-1 MIGRATED to testing (Debian testing watch)
[2019-08-29] Accepted activemq 5.15.10-1 (source) into unstable (Markus Koschany)
[2019-08-09] activemq 5.15.9-1 MIGRATED to testing (Debian testing watch)
[2019-08-04] Accepted activemq 5.15.9-1 (source) into unstable (Markus Koschany)
[2019-01-03] activemq 5.15.8-2 MIGRATED to testing (Debian testing watch)
[2018-12-28] Accepted activemq 5.15.8-2 (source) into unstable (Markus Koschany)

bugs [bug history graph]

all: 5
RC: 1
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (1, 1)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.17.6+dfsg-1
2 bugs