Format: 1.8
Date: Sat, 30 Sep 2023 16:50:16 +0200
Source: mosquitto
Binary: mosquitto-dev
Architecture: all
Version: 2.0.11-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01)
Changed-By: Markus Koschany
Description:
 mosquitto-dev - Development files for Mosquitto
Changes:
 mosquitto (2.0.11-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.