1
Candidate: CVE-2016-4974
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4974
5
http://qpid.apache.org/components/jms/security.html
6
http://qpid.apache.org/components/jms/security-0-x.html
7
http://www.openwall.com/lists/oss-security/2016/07/02/1
9
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before
10
0.10.0 does not restrict the use of classes available on the classpath,
11
which might allow remote authenticated users with permission to send
12
messages to deserialize arbitrary objects and execute arbitrary code by
13
leveraging a crafted serialized object in a JMS ObjectMessage that is
14
handled by the getObject function.
23
upstream_qpid-cpp: needs-triage
24
precise_qpid-cpp: ignored (reached end-of-life)
25
precise/esm_qpid-cpp: DNE (precise was needs-triage)
26
trusty_qpid-cpp: needs-triage
27
vivid/stable-phone-overlay_qpid-cpp: DNE
28
vivid/ubuntu-core_qpid-cpp: DNE
29
wily_qpid-cpp: ignored (reached end-of-life)
30
xenial_qpid-cpp: needs-triage
31
yakkety_qpid-cpp: ignored (reached end-of-life)
32
zesty_qpid-cpp: ignored (reached end-of-life)
33
artful_qpid-cpp: needs-triage