[ubuntu/bionic-security] mosquitto 1.4.15-2ubuntu0.18.04.3 (Accepted)
Eduardo dos Santos Barretto
eduardo.barretto at canonical.com
Thu Jun 20 13:42:48 UTC 2019
mosquitto (1.4.15-2ubuntu0.18.04.3) bionic-security; urgency=medium
* SECURITY UPDATE: DoS (client disconnect) via invalid UTF-8 strings
- debian/patches/add-validate-utf8.patch: Add validate UTF-8
- debian/patches/CVE-2017-7653.patch: Add UTF-8 tests, plus some validation
fixes
- CVE-2017-7653
* SECURITY UPDATE: Memory leak in the Mosquitto Broker allows unauthenticated
clients to send crafted CONNECT packets which could cause DoS
- debian/patches/CVE-2017-7654.patch: Fix memory leak that could be caused
by a malicious CONNECT packet
- CVE-2017-7654
Date: 2019-06-19 19:00:17.812149+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/mosquitto/1.4.15-2ubuntu0.18.04.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list