[ubuntu/bionic-proposed] mosquitto 1.4.15-1 (Accepted)
LocutusOfBorg
costamagnagianfranco at yahoo.it
Thu Mar 1 17:04:17 UTC 2018
mosquitto (1.4.15-1) unstable; urgency=high

  * SECURITY UPDATE: If a SIGHUP is sent to the broker when there are no more
    file descriptors, then opening the configuration file will fail and
    security settings will be set back to their default values.
    - debian/patches/mosquitto-1.4.10_cve-2017-7652.patch: When reloading
      configuration, do this into a separate config struct. If nothing fails,
      then copy the new config over the old config.
    - CVE-2017-7652
  * SECURITY UPDATE: Unauthenticated clients can cause excessive memory usage.
    This has the potential to lead to an OOM situation and the broker being
    killed by the system.
    - debian/patches/mosquitto-1.4.10_cve-2017-7652.patch: Limit the maximum
      size of CONNECT packet to a reasonable value, and add "memory_limit"
      option to set the maximum memory the broker will use.
    - CVE-2017-7651
  * New upstream release.
  * Remove upstart support, which had accidentally been reinstated in 1.4.14-2.
  * Bumped standards version to 4.1.3, no changes required.
  * Fix global-files-wildcard-not-first-paragraph-in-dep5-copyright.

Date: 2018-03-01 16:35:45.089640+00:00
Changed-By: Roger Light <roger at atchoo.org>
Signed-By: LocutusOfBorg <costamagnagianfranco at yahoo.it>
https://launchpad.net/ubuntu/+source/mosquitto/1.4.15-1
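
The reload pattern described for CVE-2017-7652 above, sketched in C as an added example (not mosquitto's code and not the Debian patch). The one-field struct, the function names and the sample file `reload_demo.conf` are assumptions; deleting the file stands in for an open that fails because no descriptors are left.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical one-field config; not mosquitto's real struct or parser. */
struct config { bool allow_anonymous; };
static const struct config DEFAULTS = { true };   /* permissive default */
/* Parse "key value" lines; -1 on open failure (e.g. no free descriptors) or unknown key. */
static int config_parse(struct config *c, const char *path) {
    char key[32], val[16];
    int rc = 0;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (rc == 0 && fscanf(f, "%31s %15s", key, val) == 2) {
        if (strcmp(key, "allow_anonymous") == 0) c->allow_anonymous = strcmp(val, "true") == 0;
        else rc = -1;
    }
    fclose(f);
    return rc;
}
/* Flawed pattern: reset the live config, then parse straight into it. */
int reload_in_place(struct config *live, const char *path) {
    *live = DEFAULTS;
    return config_parse(live, path);
}
/* Fixed pattern: parse into a separate struct, copy only if nothing failed. */
int reload_staged(struct config *live, const char *path) {
    struct config fresh = DEFAULTS;
    if (config_parse(&fresh, path) != 0) return -1;
    *live = fresh;
    return 0;
}
/* Load a constructed config, delete it so the next open fails, reload again.
 * Returns 1 if anonymous access is still disabled afterwards, 0 if it was reset. */
int auth_survives(int (*reload)(struct config *, const char *)) {
    const char *path = "reload_demo.conf";        /* constructed sample file */
    struct config live = DEFAULTS;
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("allow_anonymous false\n", f);
    fclose(f);
    if (reload(&live, path) != 0) return -1;      /* first load must succeed */
    remove(path);
    reload(&live, path);                          /* fails: file is gone */
    return !live.allow_anonymous;
}

int main(void) {
    printf("in place: %d, staged: %d\n", auth_survives(reload_in_place), auth_survives(reload_staged));
    return 0;
}
```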