[ubuntu/eoan-proposed] mosquitto 1.6.6-1 (Accepted)

Gianfranco Costamagna costamagnagianfranco at yahoo.it
Wed Sep 18 20:45:31 UTC 2019


mosquitto (1.6.6-1) unstable; urgency=high

  * SECURITY UPDATE: If an MQTT v5 client connects to Mosquitto, sets a last
    will and testament, sets a will delay interval, sets a session expiry
    interval, and the will delay interval is set longer than the session
    expiry interval, then a use after free error occurs, which has the
    potential to cause a crash in some situations.
    - CVE awaiting assignment
  * SECURITY UPDATE: If a malicious MQTT client sends a SUBSCRIBE packet
    containing a topic that consists of approximately 65400 or more '/'
    characters, i.e. the topic hierarchy separator, then a stack overflow will
    occur.
    - CVE awaiting assignment
  * New upstream release.
  * Remove bug-1367.patch.
  * Don't use killall in mosquitto.logrotate. Closes: #940229.

Date: 2019-09-18 16:44:38.820300+00:00
Changed-By: Roger Light <roger at atchoo.org>
Signed-By: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
https://launchpad.net/ubuntu/+source/mosquitto/1.6.6-1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Eoan-changes mailing list