[ubuntu/xenial-updates] mosquitto 1.4.8-1ubuntu0.16.04.7 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jun 20 14:58:26 UTC 2019


mosquitto (1.4.8-1ubuntu0.16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (client disconnect) via invalid UTF-8 strings
    - debian/patches/add-validate-utf8.patch: Add validate UTF-8
    - debian/patches/CVE-2017-7653.patch: Add UTF-8 tests, plus some validation
      fixes
    - CVE-2017-7653
  * SECURITY UPDATE: Memory leak in the Mosquitto Broker allows unauthenticated
    clients to send crafted CONNECT packets which could cause DoS
    - debian/patches/CVE-2017-7654.patch: Fix memory leak that could be caused
      by a malicious CONNECT packet
    - CVE-2017-7654

Date: 2019-06-19 19:08:13.166199+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/mosquitto/1.4.8-1ubuntu0.16.04.7
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list