Format: 1.8
Date: Sat, 30 Sep 2023 16:50:16 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: armhf
Version: 2.0.11-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: arm Build Daemon (arm-arm-01)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto  - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.