-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 Sep 2023 16:50:16 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: ppc64el
Version: 2.0.11-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) <buildd_ppc64el-ppc64el-osuosl-01@buildd.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto  - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434:
     In Eclipse Mosquitto when using the dynamic security plugin, if the ability
     for a client to make subscriptions on a topic is revoked when a durable
     client is offline, then existing subscriptions for that client are not
     revoked.
   * CVE-2021-41039:
     An MQTT v5 client connecting with a large number of user-property
     properties could cause excessive CPU usage, leading to a loss of
     performance and possible denial of service.
   * CVE-2023-0809:
     Fix excessive memory being allocated based on malicious initial packets
     that are not CONNECT packets.
   * CVE-2023-3592:
     Fix memory leak when clients send v5 CONNECT packets with a will message
     that contains invalid property types.
   * Fix CVE-2023-28366:
     The broker in Eclipse Mosquitto has a memory leak that can be abused
     remotely when a client sends many QoS 2 messages with duplicate message
     IDs, and fails to respond to PUBREC commands. This occurs because of
     mishandling of EAGAIN from the libc send function.
Checksums-Sha1:
 1e393bfd6c2eddc69293a87001617fc208b99105 73576 libmosquitto-dev_2.0.11-1+deb11u1_ppc64el.deb
 0af0b5873f1b5b929f5793b7e1aa7b3ab13c86fa 107644 libmosquitto1-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 c93ef549e7ce06140579e44211c27ead9b5c50ca 98132 libmosquitto1_2.0.11-1+deb11u1_ppc64el.deb
 e3f0fc757bb87473669bece916c4594998622448 54952 libmosquittopp-dev_2.0.11-1+deb11u1_ppc64el.deb
 3dbd7abed0ac9c2f69a3035c44255c33188e6ee7 16132 libmosquittopp1-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 938c839d8ece2120ea361b1bad81a9bb914317f2 59016 libmosquittopp1_2.0.11-1+deb11u1_ppc64el.deb
 399703b88c73ee46bea5c2a3511c55a7d50ed58c 132036 mosquitto-clients-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 a49fcfba8ccfbfa7adde513c190512fee4dac2b4 116280 mosquitto-clients_2.0.11-1+deb11u1_ppc64el.deb
 e40ed5cdcfb3a9b181de850c61a816293c309b7a 491888 mosquitto-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 664b29c97b2e363c3c90872842e8bab1b9c4c59b 10261 mosquitto_2.0.11-1+deb11u1_ppc64el-buildd.buildinfo
 3d574e0e532cc74412f9d052b20171b08180bf52 290376 mosquitto_2.0.11-1+deb11u1_ppc64el.deb
Checksums-Sha256:
 6b3eea19819f9cca1ef2c586b803d54479c79740544a8284b943a698104c1c6c 73576 libmosquitto-dev_2.0.11-1+deb11u1_ppc64el.deb
 b3664dd293b3442bbbd9ef7caa395bbc3774153f9e6c3be65aa1d5dd800cdab6 107644 libmosquitto1-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 983cf4eedf7075212b342127200e34f96de5f2ed686f02088ac3129fa9f6551f 98132 libmosquitto1_2.0.11-1+deb11u1_ppc64el.deb
 7e599c8615c2c6c9985db3badc3398c822660daefff9aeb33de96ca07dba849d 54952 libmosquittopp-dev_2.0.11-1+deb11u1_ppc64el.deb
 cb79e3beeaed563c810e7feffc39020d5ce423dc97c4bc58aaa193ecc55c0e42 16132 libmosquittopp1-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 49f4c3e411832c1dc8af2e80bf582572d39863b6ceba660d78a97a58b73b11e9 59016 libmosquittopp1_2.0.11-1+deb11u1_ppc64el.deb
 a7634625ba738784d258ca98cdd35e9ad8cbdba1aa58c9b33b2ff5e6f03660af 132036 mosquitto-clients-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 c92736dd4bdda8b917fffedbf9ae124e238ac388f006b064dd6b7010bcc3b6d8 116280 mosquitto-clients_2.0.11-1+deb11u1_ppc64el.deb
 006ffc3c591f42728bd1e8a1e5b0cbce5a6b91c613b885542bdd77940b9ac2a5 491888 mosquitto-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 bc213972c96a85d8b29fee2357d2e2046e776d07f555e0a3044a19f09fc80d64 10261 mosquitto_2.0.11-1+deb11u1_ppc64el-buildd.buildinfo
 672cbc9ffbab0645658cc234daea47c5830ce865b49575544b597bcaf4f04968 290376 mosquitto_2.0.11-1+deb11u1_ppc64el.deb
Files:
 42f16ee86f0d2ff6157eae4a6944eca2 73576 libdevel optional libmosquitto-dev_2.0.11-1+deb11u1_ppc64el.deb
 c844d79e90c9803f947bb77c8e9ba4f9 107644 debug optional libmosquitto1-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 fcf645010e5e91d97137a6e50dc47876 98132 libs optional libmosquitto1_2.0.11-1+deb11u1_ppc64el.deb
 12c290f2bab1d35c3b40765136d2767a 54952 libdevel optional libmosquittopp-dev_2.0.11-1+deb11u1_ppc64el.deb
 23124d72ba179144818e61186303e843 16132 debug optional libmosquittopp1-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 6299aa7647fb02e3b7f91d48baf94650 59016 libs optional libmosquittopp1_2.0.11-1+deb11u1_ppc64el.deb
 63c63cf5895c188d82599a7d8914589b 132036 debug optional mosquitto-clients-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 7fcf0bdf2445700f0b5bace35152792d 116280 net optional mosquitto-clients_2.0.11-1+deb11u1_ppc64el.deb
 e802ae22fd391d66116af01f5dca3948 491888 debug optional mosquitto-dbgsym_2.0.11-1+deb11u1_ppc64el.deb
 48d7a8409dac6282ada98806756ab440 10261 net optional mosquitto_2.0.11-1+deb11u1_ppc64el-buildd.buildinfo
 106b66a7bde53fce76ae472828fba213 290376 net optional mosquitto_2.0.11-1+deb11u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE5hbnFkJlczvLwwS0Y7DdE4sWZ/UFAmUYjSkACgkQY7DdE4sW
Z/WSaQ/+Npv4uKzCYkv0tossbMe6l4YIYJAUxC5LXZPHlcT4fLHsSU/pV2ySC/2x
0mYKlBCqTOk8KSzeSaI9YFY9FhKl3YZu3SDDzex5qS4IY2neXlyWj1sxpYE5BihM
evWoLL6XDaM0C8tFNwGmxEN0m8tAd08FsBGaFBdOVot+NAHQUuPTKmX3s5T2yVLj
KIy3/NiuWdccj1E+LkvpOwYY1mc81OclUZhNedESSMaaeZQejBCOSAE+dwzai/xj
1gnPhIcINx9p+jLc8C5vC8NJrmXEkTzSFRUP8FqzAU47W1KkkzcuvcwogyMBTvkU
ND7/pIq9Kqe9cgy3hXVELpnL4Kn9aHDkfVhNRx9jblHpuXSSt5W25aUfLoCuVrDm
cmGBRgcr+RQAx9xX2lX8Nev1KUeR6vQ35nUbntPIa7v6WVovkRXhrBJXH6qvlm8y
RMx/52gKZrAKuBSRPySWo4Olog9/Oin5sdwG+eFTHGRIJizPQw3Oi6hiDXz7RkFw
m2wTgWxwLcUSc/rfHBSjoSD+oBLRDEsPf1kIocJ8cAQ1z5YeQCycVjFh3JHPV137
ojjSJrTiBBZUiG4D73+SbTt6Rt0LQHlYAzIMqDt9sjLVpbvWtkUyY9gOymHluyzn
VzDmoQsdszvnK4LuaD9BmvoN8piIcPNFTpoG2pyO2aA6gK+1COU=
=0Hhr
-----END PGP SIGNATURE-----