Format: 1.8
Date: Sat, 30 Sep 2023 19:28:09 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: arm64
Version: 2.0.11-1.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-arm-04)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto  - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.