Copied from
ubuntu trusty in
Private PPA for Ubuntu Security Team
Changelog
activemq (5.6.0+dfsg-1+deb7u2build0.14.04.1) trusty-security; urgency=medium
* fake sync from Debian
activemq (5.6.0+dfsg-1+deb7u2) wheezy-security; urgency=high
* Team upload.
* Fix CVE-2015-5254:
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be
serialized in the broker, which allows remote attackers to execute
arbitrary code via a crafted serialized Java Message Service (JMS)
ObjectMessage object.
-- Marc Deslauriers <email address hidden> Wed, 23 Mar 2016 07:32:16 -0400