[ubuntu/disco-updates] mosquitto 1.5.7-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Sep 23 17:28:08 UTC 2019
mosquitto (1.5.7-1ubuntu0.1) disco-security; urgency=high
* SECURITY UPDATE: If a malicious MQTT client sends a SUBSCRIBE packet
containing a topic that consists of approximately 65400 or more '/'
characters, i.e. the topic hierarchy separator, then a stack overflow will
occur. LP: #1844377.
- debian/patches/mosquitto-1.5.x-cve-2019-11779.patch: this patch restricts
the hierarchy depth to 200.
- CVE-2019-11779
Date: 2019-09-23 13:35:33.334423+00:00
Changed-By: Roger Light <roger at atchoo.org>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/mosquitto/1.5.7-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list