Format: 1.8
Date: Sat, 30 Sep 2023 19:28:09 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: ppc64el
Version: 2.0.11-1.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto  - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.