-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 Sep 2023 16:50:16 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: armel
Version: 2.0.11-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: arm Build Daemon (arm-arm-03) <buildd_arm64-arm-arm-03@buildd.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto  - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434:
     In Eclipse Mosquitto when using the dynamic security plugin, if the ability
     for a client to make subscriptions on a topic is revoked when a durable
     client is offline, then existing subscriptions for that client are not
     revoked.
   * CVE-2021-41039:
     An MQTT v5 client connecting with a large number of user-property
     properties could cause excessive CPU usage, leading to a loss of
     performance and possible denial of service.
   * CVE-2023-0809:
     Fix excessive memory being allocated based on malicious initial packets
     that are not CONNECT packets.
   * CVE-2023-3592:
     Fix memory leak when clients send v5 CONNECT packets with a will message
     that contains invalid property types.
   * Fix CVE-2023-28366:
     The broker in Eclipse Mosquitto has a memory leak that can be abused
     remotely when a client sends many QoS 2 messages with duplicate message
     IDs, and fails to respond to PUBREC commands. This occurs because of
     mishandling of EAGAIN from the libc send function.
Checksums-Sha1:
 e9c4d4f385a3aecd036877baeba365204f879e29 73568 libmosquitto-dev_2.0.11-1+deb11u1_armel.deb
 e24481dda21b913f924d0756602b4ef64b7345ba 98824 libmosquitto1-dbgsym_2.0.11-1+deb11u1_armel.deb
 5f83fa9b3312381d81d99d337c47d461f66cbcd5 83796 libmosquitto1_2.0.11-1+deb11u1_armel.deb
 cf7643b5207ff62b83a3d1878a29dfa25093cff5 54940 libmosquittopp-dev_2.0.11-1+deb11u1_armel.deb
 92cf7e52db6ef088fde39e76ba04846a4367beb8 15536 libmosquittopp1-dbgsym_2.0.11-1+deb11u1_armel.deb
 08ba7b9a68070fc0a4d0a372479820367ae1424f 58004 libmosquittopp1_2.0.11-1+deb11u1_armel.deb
 673c48b260ed4052456cc42f31472ba1890e64be 126700 mosquitto-clients-dbgsym_2.0.11-1+deb11u1_armel.deb
 d9d58aa5524e62c5dd4014744657229fca359736 111932 mosquitto-clients_2.0.11-1+deb11u1_armel.deb
 bebea9fa9dc3c5c26647b8b542e380550e81905a 452080 mosquitto-dbgsym_2.0.11-1+deb11u1_armel.deb
 b9662f2b7aeed884c3a15e3c5e7c2cec281d7428 10091 mosquitto_2.0.11-1+deb11u1_armel-buildd.buildinfo
 c1f4a45b4492455b0a1d11005afcef0795cd345f 247888 mosquitto_2.0.11-1+deb11u1_armel.deb
Checksums-Sha256:
 2bd40d5c5a52edc5b0d532f57569db77874510a697a49b4ea33db2a0f279ec66 73568 libmosquitto-dev_2.0.11-1+deb11u1_armel.deb
 74acda8400cdc413bc285ec33e0bfb913871621ecadf1d54d3a77b10361128a2 98824 libmosquitto1-dbgsym_2.0.11-1+deb11u1_armel.deb
 27cac0897a9478b3de2f8b61503c335972843ae416446b1690468f87b1c839f4 83796 libmosquitto1_2.0.11-1+deb11u1_armel.deb
 1f277469c47202003748fa31fe068071426c5353766f5df1544847114c0b4e93 54940 libmosquittopp-dev_2.0.11-1+deb11u1_armel.deb
 60268f002fdce922d09e44cd77c9a2386207a4f1df6e492ba08b706496651273 15536 libmosquittopp1-dbgsym_2.0.11-1+deb11u1_armel.deb
 409f339464823563550c0afded1b353346d2aaa9c244f757a687df591a3f3d1b 58004 libmosquittopp1_2.0.11-1+deb11u1_armel.deb
 3412cb57cf0669ae8db5e08b490a62301a0d2f475c3d12a568d384cd3e3ed7a4 126700 mosquitto-clients-dbgsym_2.0.11-1+deb11u1_armel.deb
 cc7034ffa6058914afd2fd0f17f7d336bdf91ebbf9ad5097107aaa9a63a82398 111932 mosquitto-clients_2.0.11-1+deb11u1_armel.deb
 55c720a225a90c91aa5f7a066a7f053ab7e4db42b1ceb37fdffc2ed19991ac1c 452080 mosquitto-dbgsym_2.0.11-1+deb11u1_armel.deb
 36166cce0a5212ec168079b9c69061a036d83a1444486e056a5b61816579e954 10091 mosquitto_2.0.11-1+deb11u1_armel-buildd.buildinfo
 ff9cad3c01c815f540d65bbe2484b98615344f167b4803dbf156c8ff669103cf 247888 mosquitto_2.0.11-1+deb11u1_armel.deb
Files:
 6806c3db30fac32227518d776fcc9c88 73568 libdevel optional libmosquitto-dev_2.0.11-1+deb11u1_armel.deb
 0059d8c4189126af8846afb8c0cd5b79 98824 debug optional libmosquitto1-dbgsym_2.0.11-1+deb11u1_armel.deb
 f7292914b78aaf481c0ff475af856899 83796 libs optional libmosquitto1_2.0.11-1+deb11u1_armel.deb
 75951656ceb550b091316c3d0c951477 54940 libdevel optional libmosquittopp-dev_2.0.11-1+deb11u1_armel.deb
 b959082f08d7f092db46ac00b6c6318a 15536 debug optional libmosquittopp1-dbgsym_2.0.11-1+deb11u1_armel.deb
 b04acbbac754ebf7a024ddec099985e5 58004 libs optional libmosquittopp1_2.0.11-1+deb11u1_armel.deb
 f47c9b97df2b56ebb5045aecdb79c2bc 126700 debug optional mosquitto-clients-dbgsym_2.0.11-1+deb11u1_armel.deb
 833526884c485824346c9016a78099ae 111932 net optional mosquitto-clients_2.0.11-1+deb11u1_armel.deb
 73b6928b7a2c493c27da8ea7f936dd4c 452080 debug optional mosquitto-dbgsym_2.0.11-1+deb11u1_armel.deb
 468895aeb439ab0f4608c2719dff9caa 10091 net optional mosquitto_2.0.11-1+deb11u1_armel-buildd.buildinfo
 35b7a7dd2b8ccabfd9016557fc709482 247888 net optional mosquitto_2.0.11-1+deb11u1_armel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEExwLooY4pOBEnRvQOhwvc65q7iiUFAmUYjb0ACgkQhwvc65q7
iiXT8RAAuRmZJ87L0KpAvluiCurymIZVQunpzGf4Q0W2N1/0XVXSxTefxDkd41cR
WUXAtil4GAl+OXTavGaGuMgse3RJnYxxa7ufYJmrNbKyTcSiuJSREHQCW7VddIJW
jK3mfDhhb93ogTdXu3ZRDtVAoAuSW44IGou93vdh08PFngLj89AqNgO6Y02+A6KL
DhqNKnCGpj2uOGqF4bMuYFqWBy2J/PGUHXMimOWNIE0qZWATXeP6DSW8cjn0cF3P
ePsMwzMINvBMnXafeBsGRDFpBRcurQwBTJ0rGXZsu2ztaKMiK+CT3rSUojJlpbsD
QPadIPLsqjdGIf/NPYcHdnoV3YGWkcL5qpbGWrwGZV2dYCxJ5CEZwc1P7Fj07QG8
53LztJJv8jSVWI7JI7zxdeS9Uwk/pguFH9va+Kk0W/BJ0ExGB4+HQrBZRsLKMJ52
Rufng+mBLX7dew9xjhkWdetSvEoQ7KK/XBNU+Z5i3JapqjWjs4ZQGpKuEPLLEsNI
39SBEDamEgfJq7gpBdqhF2Pp9bvg+pnR6udPjemeRRWBAFC24hpSDcYiNXzpv7pt
7J4Ki9nBCPowAQkgAKqYrpLFOJiKBnIxDmiQ55AKMr+bNllzrQ6M3ue7Hh+sEBQ/
FGp2GPX2msii/bQyefMp/lpqato/wQrPavwszL93r47mPqgktZ8=
=Ew4V
-----END PGP SIGNATURE-----