-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 Sep 2023 16:50:16 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: mips64el
Version: 2.0.11-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-04) <buildd_mips64el-mipsel-osuosl-04@buildd.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto  - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434:
     In Eclipse Mosquitto when using the dynamic security plugin, if the ability
     for a client to make subscriptions on a topic is revoked when a durable
     client is offline, then existing subscriptions for that client are not
     revoked.
   * CVE-2021-41039:
     An MQTT v5 client connecting with a large number of user-property
     properties could cause excessive CPU usage, leading to a loss of
     performance and possible denial of service.
   * CVE-2023-0809:
     Fix excessive memory being allocated based on malicious initial packets
     that are not CONNECT packets.
   * CVE-2023-3592:
     Fix memory leak when clients send v5 CONNECT packets with a will message
     that contains invalid property types.
   * Fix CVE-2023-28366:
     The broker in Eclipse Mosquitto has a memory leak that can be abused
     remotely when a client sends many QoS 2 messages with duplicate message
     IDs, and fails to respond to PUBREC commands. This occurs because of
     mishandling of EAGAIN from the libc send function.
Checksums-Sha1:
 86942ab8fce90fed35bec351cfc9817c8c07d4ec 73576 libmosquitto-dev_2.0.11-1+deb11u1_mips64el.deb
 bb1601a7c28da5bfc03fe7679803179d87bd1466 110000 libmosquitto1-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 b8ac3e3c43f058e7e809d54014d2418ce1ff35b5 88808 libmosquitto1_2.0.11-1+deb11u1_mips64el.deb
 0205ae21c1b15fdcb8490a1fed58335bb1d722e5 54952 libmosquittopp-dev_2.0.11-1+deb11u1_mips64el.deb
 f11eb2202fb114da9142e24d5d338591353b8333 16028 libmosquittopp1-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 eaf6d4960f88eca333c52f5288e0ccbac3b81e8c 58756 libmosquittopp1_2.0.11-1+deb11u1_mips64el.deb
 89e8d017272ae36020efc4b1eb9082eb26a8c233 128480 mosquitto-clients-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 8b937e89018845a3fd631065dc51ee7394623444 111724 mosquitto-clients_2.0.11-1+deb11u1_mips64el.deb
 83cf0ed94cfc74340ac323f96558eacadc835544 497120 mosquitto-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 a9fb382915e84bfecb0f95739c27cf3b0253b5b7 10147 mosquitto_2.0.11-1+deb11u1_mips64el-buildd.buildinfo
 3cd0256f15016aafc87b6c29307a170df8f8ca37 253384 mosquitto_2.0.11-1+deb11u1_mips64el.deb
Checksums-Sha256:
 53bce2f6e3dc15c65c470d25dde416a2fe7cfb4be3c2390cc1ed501d63d2c1c2 73576 libmosquitto-dev_2.0.11-1+deb11u1_mips64el.deb
 4c0f7a5c5a54a96ee92eab1cdcceefafa61438c27bbff1bf01d0b79fd2c5cb97 110000 libmosquitto1-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 48f0e1c89318f6d6493560ea204b35d5c9c28811ed67de588a265cad840ac1fa 88808 libmosquitto1_2.0.11-1+deb11u1_mips64el.deb
 a1fb3b23e223e6a2255031a5bc39307cf85ae992dfd29a108d7f70f34f740198 54952 libmosquittopp-dev_2.0.11-1+deb11u1_mips64el.deb
 c8d6cc6ea7454c94af054f30c64910bc184c988823800fe6f599c0899faf61f4 16028 libmosquittopp1-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 c3f588f0c4f52e93103745a063c25f014a1a370f3ec5d29df287a0a046f8e49a 58756 libmosquittopp1_2.0.11-1+deb11u1_mips64el.deb
 1d622373058105f2c71935eff52dd2e1a9788a22ba91bec3e2f73c53ce78bd0a 128480 mosquitto-clients-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 e00c606dc4fa8f8413d57e881236440875e28f7d8b462899b48fcaf278c56785 111724 mosquitto-clients_2.0.11-1+deb11u1_mips64el.deb
 1934d93e70302d5696bbc2fdcb796fc440a59fcf8311c447da4a94115a4db35b 497120 mosquitto-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 4629d5d564dfe0c1eeb8349da6202cc65add7bae04eb41943d438a6d227eaa6b 10147 mosquitto_2.0.11-1+deb11u1_mips64el-buildd.buildinfo
 8b5f5867a6edecb67da48c86a0827a3d681efc0d71e712a8a5fe2b95599cd4da 253384 mosquitto_2.0.11-1+deb11u1_mips64el.deb
Files:
 e927c1e2d95dc0bd6fae5c345bacf8d0 73576 libdevel optional libmosquitto-dev_2.0.11-1+deb11u1_mips64el.deb
 4885838311a40e48a11fbaa8e9311331 110000 debug optional libmosquitto1-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 f77d39bebfa3a6278476ed3840fac337 88808 libs optional libmosquitto1_2.0.11-1+deb11u1_mips64el.deb
 9a710b7bc2ab1eb3ea6f39d1072faa4e 54952 libdevel optional libmosquittopp-dev_2.0.11-1+deb11u1_mips64el.deb
 49ee3292655c21fe5e509e8b2017fbd2 16028 debug optional libmosquittopp1-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 f881ce55342eb97061d6ab8e4288e3be 58756 libs optional libmosquittopp1_2.0.11-1+deb11u1_mips64el.deb
 51f0ab6e3c516f150b82dc483bb8bf67 128480 debug optional mosquitto-clients-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 d13f4540d125921fd60fc11da454a59f 111724 net optional mosquitto-clients_2.0.11-1+deb11u1_mips64el.deb
 b850d587e542b51ce0fbd259e54a92a9 497120 debug optional mosquitto-dbgsym_2.0.11-1+deb11u1_mips64el.deb
 5d0d4ad9bd71f80e21a2c5093ecc3405 10147 net optional mosquitto_2.0.11-1+deb11u1_mips64el-buildd.buildinfo
 e23c987b1d211cdf3a797d0e44b2ddb7 253384 net optional mosquitto_2.0.11-1+deb11u1_mips64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEbqxhtqqT8knLtgp0Ct/wWqReXfQFAmUYja0ACgkQCt/wWqRe
XfTIrA/+Iyy/r74QFgBimm2N7Bwl6omHcuMSnHX1ksMn5J/+ZQch8bs2ubH8eKfu
u4L2kS6kQ8t+Xi7/LeflIYVJgiOl52/TiFHnWEaUcpcAOZa0pRMOz3E19sv6uWee
Dc+tPYRR78DDkTEOwSLCQMHKWCtQtI/KnHQIaP7YgW8i1yWhdD3y9CxdVTETzXlY
M71e7qM9J8HZ4AFuCXH4/KuLSGRCS5zX2Z8/0UFt4C/O46sqc329fQ7pIf5/EiI0
65kUiu8QS8/h7pKFaqaP3A/ufb6Y1EvXAZIoXobqFi4hdgHuvipM3cg/vXXb1CKX
+VKH3Jmyvx5O+2YfQme0xKQ+qqyH4yR6TN2rxf4Q8xO/Ncg4Pe/lpLTsGxQcFT1l
c+IL7XSgZzji6IDAsqktU0TqymZvpNuGVWvr3nqnW12Ty9i1wr3FDwUjDctFwUGA
5DKrfxs8Bsk3MMku3mIxZWgVZmKCsk3HlVCubtdPbmyJ4Hgg89BDTPqd8rx5tZZc
4sxXoPzOzc0NzsnSljPAT7x/Fp16Q5bfjkVnXfZXuD+oVZ1gOKHCDmTJx9QCReTh
odUbEDeZbssqC8jtriqBoPNulvtkhvy/g+x7dO6aawgPgX7PvnNNCZMwJjQFaoYB
Cod1SBCh+/Kb06hr+9IfMkldEZB/khFeTXHZ5mAu41S8IFVjBYs=
=kfxU
-----END PGP SIGNATURE-----