[ubuntu/cosmic-updates] mosquitto 1.4.15-2ubuntu0.18.10.3 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jun 20 14:58:29 UTC 2019
mosquitto (1.4.15-2ubuntu0.18.10.3) cosmic-security; urgency=medium
* SECURITY UPDATE: DoS (client disconnect) via invalid UTF-8 strings
- debian/patches/add-validate-utf8.patch: Add validate UTF-8
- debian/patches/CVE-2017-7653.patch: Add UTF-8 tests, plus some validation
fixes
- CVE-2017-7653
* SECURITY UPDATE: Memory leak in the Mosquitto Broker allows unauthenticated
clients to send crafted CONNECT packets which could cause DoS
- debian/patches/CVE-2017-7654.patch: Fix memory leak that could be caused
by a malicious CONNECT packet
- CVE-2017-7654
Date: 2019-06-19 18:56:15.828301+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/mosquitto/1.4.15-2ubuntu0.18.10.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Cosmic-changes
mailing list