Format: 1.8
Date: Sat, 30 Sep 2023 16:50:16 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: i386
Version: 2.0.11-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.