-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 Sep 2023 16:50:16 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: amd64
Version: 2.0.11-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-csail-01)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----