Format: 1.8
Date: Sat, 30 Sep 2023 16:50:16 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: arm64
Version: 2.0.11-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-01)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.