[ubuntu/cosmic-updates] mosquitto 1.4.15-2ubuntu0.18.10.3 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jun 20 14:58:29 UTC 2019

mosquitto (1.4.15-2ubuntu0.18.10.3) cosmic-security; urgency=medium

  * SECURITY UPDATE: DoS (client disconnect) via invalid UTF-8 strings
    - debian/patches/add-validate-utf8.patch: Add validate UTF-8
    - debian/patches/CVE-2017-7653.patch: Add UTF-8 tests, plus some validation
    - CVE-2017-7653
  * SECURITY UPDATE: Memory leak in the Mosquitto Broker allows unauthenticated
    clients to send crafted CONNECT packets which could cause DoS
    - debian/patches/CVE-2017-7654.patch: Fix memory leak that could be caused
      by a malicious CONNECT packet
    - CVE-2017-7654

Date: 2019-06-19 18:56:15.828301+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Cosmic-changes mailing list