[ubuntu/eoan-proposed] mosquitto 1.6.6-1 (Accepted)
Gianfranco Costamagna
costamagnagianfranco at yahoo.it
Wed Sep 18 20:45:31 UTC 2019
mosquitto (1.6.6-1) unstable; urgency=high
* SECURITY UPDATE: If an MQTT v5 client connects to Mosquitto, sets a last
will and testament, sets a will delay interval, sets a session expiry
interval, and the will delay interval is set longer than the session
expiry interval, then a use after free error occurs, which has the
potential to cause a crash in some situations.
- CVE awaiting assignment
* SECURITY UPDATE: If a malicious MQTT client sends a SUBSCRIBE packet
containing a topic that consists of approximately 65400 or more '/'
characters, i.e. the topic hierarchy separator, then a stack overflow will
occur.
- CVE awaiting assignment
* New upstream release.
* Remove bug-1367.patch.
* Don't use killall in mosquitto.logrotate. Closes: #940229.
Date: 2019-09-18 16:44:38.820300+00:00
Changed-By: Roger Light <roger at atchoo.org>
Signed-By: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
https://launchpad.net/ubuntu/+source/mosquitto/1.6.6-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Eoan-changes
mailing list