Format: 1.8
Date: Sat, 30 Sep 2023 16:50:16 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: armel
Version: 2.0.11-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: arm Build Daemon (arm-arm-03)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.