[ubuntu/disco-security] mosquitto 1.5.7-1ubuntu0.1 (Accepted)
Mike Salvatore
mike.salvatore at canonical.com
Mon Sep 23 16:38:20 UTC 2019
mosquitto (1.5.7-1ubuntu0.1) disco-security; urgency=high
* SECURITY UPDATE: If a malicious MQTT client sends a SUBSCRIBE packet
containing a topic that consists of approximately 65400 or more '/'
characters, i.e. the topic hierarchy separator, then a stack overflow will
occur. LP: #1844377.
- debian/patches/mosquitto-1.5.x-cve-2019-11779.patch: this patch restricts
the hierarchy depth to 200.
- CVE-2019-11779
Date: 2019-09-23 13:35:33.334423+00:00
Changed-By: Roger Light <roger at atchoo.org>
Signed-By: Mike Salvatore <mike.salvatore at canonical.com>
https://launchpad.net/ubuntu/+source/mosquitto/1.5.7-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list