Marked for autoremoval on 05 February due to zookeeper: #938892high
Version 5.15.11-1 of activemq is marked for autoremoval from testing on Wed 05 Feb 2020. It depends (transitively) on zookeeper, affected by #938892. You should try to prevent the removal by fixing these RC bugs.
Depends on packages which need a new maintainer
normal
The packages that activemq depends on which need a new maintainer are:
CVE-2018-11775: TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
CVE-2018-11775: TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
CVE-2017-15709: When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
CVE-2019-0222: In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
Please fix them.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.5.0 instead of
4.4.1).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/a/activemq.png){kind=link}