[ubuntu/xenial-security] mosquitto 1.4.8-1ubuntu0.16.04.7 (Accepted)

Eduardo dos Santos Barretto eduardo.barretto at canonical.com
Thu Jun 20 13:42:49 UTC 2019


mosquitto (1.4.8-1ubuntu0.16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (client disconnect) via invalid UTF-8 strings
    - debian/patches/add-validate-utf8.patch: Add validate UTF-8
    - debian/patches/CVE-2017-7653.patch: Add UTF-8 tests, plus some validation
      fixes
    - CVE-2017-7653
  * SECURITY UPDATE: Memory leak in the Mosquitto Broker allows unauthenticated
    clients to send crafted CONNECT packets which could cause DoS
    - debian/patches/CVE-2017-7654.patch: Fix memory leak that could be caused
      by a malicious CONNECT packet
    - CVE-2017-7654

Date: 2019-06-19 19:08:13.166199+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/mosquitto/1.4.8-1ubuntu0.16.04.7
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list