-
mosquitto (2.0.11-1ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: Authorization bypass
- debian/patches/CVE-2021-34434.patch: Fix $share subscriptions not
being recovered for durable clients
- CVE-2021-34434
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2021-41039.patch: Fix CONNECT performance
- debian/patches/CVE-2023-0809.patch: Fix excessive memory usage.
- debian/patches/CVE-2023-3592.patch: Fix memory leak when clients
send v5 CONNECT packets.
- debian/patches/CVE-2023-28366-1.patch: Fix memory leak in broker
- debian/patches/CVE-2023-28366-2.patch: Fix regression
- CVE-2021-41039
- CVE-2023-0809
- CVE-2023-3592
- CVE-2023-28366
-- Giampaolo Fresi Roglia <email address hidden> Sun, 19 Nov 2023 19:09:47 +0100
-
mosquitto (2.0.11-1ubuntu1) jammy; urgency=medium
* Fix autopkgtest failure when running against Python 3.10 (LP: #1960214)
-- Olivier Gayot <email address hidden> Mon, 07 Feb 2022 11:08:48 +0100
-
mosquitto (2.0.11-1build1) jammy; urgency=medium
* No-change rebuild against openssl3
-- Simon Chopin <email address hidden> Fri, 03 Dec 2021 12:15:16 +0100
-
mosquitto (2.0.11-1) unstable; urgency=medium
* SECURITY UPDATE: In Eclipse Mosquitto 1.6 to 2.0.10, if an authenticated
client that had connected with MQTT v5 sent a crafted CONNECT message to
the broker, a memory leak would occur.
* New upstream release.
* Removed systemd-run.patch, applied upstream.
* Removed signed-unsigned.patch, applied upstream.
* missing-test.patch: Fix missing upstream test.
* Update copyright years and paths
-- Roger A. Light <email address hidden> Wed, 09 Jun 2021 13:54:36 +0100