activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Bain <tb...@alumni.duke.edu>
Subject Re: Java_December vulnerability
Date Tue, 08 Dec 2015 21:27:15 GMT
The mitigation section simply says to upgrade to 5.13.0, which implies that
5.13.0 fixes all categories of this problem, including webconsole.  Is that
accurate?

Tim
On Dec 8, 2015 10:09 AM, "Dejan Bosanac" <dejan@nighttale.net> wrote:

> Hi,
>
> this has just been announced with its own CVE-2015-5254. More info can be
> found at
>
> http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt
>
> Regards
> --
> Dejan Bosanac
> about.me/dejanb
>
> On Tue, Dec 8, 2015 at 4:41 PM, iali <iali@arcsolutions.com> wrote:
>
> > Thanks Tim,
> >
> > I did had a look at that site and it has got a comprehensive explanation
> > against this vulnerability. Also I have been having a discussion under
> > AMQ-6013 <https://issues.apache.org/jira/browse/AMQ-6013>   and it seems
> > that we can use CVE-2015-4852 based on comment in
> >
> >
> >
> https://issues.apache.org/jira/browse/AMQ-6013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15046732#comment-15046732
> >
> >
> >
> > --
> > View this message in context:
> >
> http://activemq.2283324.n4.nabble.com/Java-December-vulnerability-tp4704610p4704781.html
> > Sent from the ActiveMQ - User mailing list archive at Nabble.com.
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message