[ubuntu/disco-updates] mosquitto 1.5.7-1ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Sep 23 17:28:08 UTC 2019

mosquitto (1.5.7-1ubuntu0.1) disco-security; urgency=high

  * SECURITY UPDATE: If a malicious MQTT client sends a SUBSCRIBE packet
    containing a topic that consists of approximately 65400 or more '/'
    characters, i.e. the topic hierarchy separator, then a stack overflow will
    occur. LP: #1844377.
    - debian/patches/mosquitto-1.5.x-cve-2019-11779.patch: this patch restricts
      the hierarchy depth to 200.
    - CVE-2019-11779

Date: 2019-09-23 13:35:33.334423+00:00
Changed-By: Roger Light <roger at atchoo.org>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Disco-changes mailing list