oss-security - Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Thu, 17 Mar 2016 11:42:59 -0400
From: Christopher Shannon <christopher.l.shannon@...il.com>
To: users@...ivemq.apache.org
Cc: dev@...ivemq.apache.org, security@...che.org, 
	oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Subject: Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting

Thanks for pointing that out, I have fixed the announcement.

On Thu, Mar 17, 2016 at 11:25 AM, Derek Mahar <derek.mahar@...il.com> wrote:

> The security advisory announcement claims that ActiveMQ 5.13.1 and
> older versions are affected and that ActiveMQ 5.13.2 fixes the issues.
>
> On 10 March 2016 at 07:45, Christopher Shannon
> <christopher.l.shannon@...il.com> wrote:
> > There following security vulnerability was reported against Apache
> > ActiveMQ 5.13.0 and older versions.
> >
> > Please check the following document and see if you’re affected by the
> issue.
> >
> >
> http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
> >
> > Apache ActiveMQ 5.13.1 and newer with appropriate fixes was released and
> > available for upgrade.
>
>
>
> --
> Derek Mahar
> 1.514.316.6736 Home
> 1.514.316.7348 Mobile
> 1.514.461.3650 x230 Work
> 102-1365 boulevard René-Lévesque Est
> Montréal QC H2L 2M1
> Canada
>

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.