Bug 208163 - net/activemq - multiple vulnerabilities
Summary: net/activemq - multiple vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Tom Judge
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-20 20:27 UTC by Sevan Janiyan
Modified: 2016-03-25 17:05 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (tj)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-03-25 17:04:29 UTC 
A commit references this bug:

Author: tj
Date: Fri Mar 25 17:04:03 UTC 2016
New revision: 411865
URL: https://svnweb.freebsd.org/changeset/ports/411865

Log:
  Document multipule activemq vulnerabilities:
  	CVE-2016-0782 - ActiveMQ Web Console - Cross-Site Scripting
  	CVE-2016-0734 - ActiveMQ Web Console - Clickjacking
  	CVE-2015-5254 - Unsafe deserialization in ActiveMQ

  PR:		208163
  PR:		208193
  Security:	CVE-2015-5254
  Security:	http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt
  Security:	CVE-2016-0782
  Security:	http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
  Security:	CVE-2016-0734
  Security:	http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt

Changes:
  head/security/vuxml/vuln.xml