-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 Sep 2023 16:50:16 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: mipsel
Version: 2.0.11-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-03) <buildd_mips64el-mipsel-osuosl-03@buildd.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto  - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434:
     In Eclipse Mosquitto when using the dynamic security plugin, if the ability
     for a client to make subscriptions on a topic is revoked when a durable
     client is offline, then existing subscriptions for that client are not
     revoked.
   * CVE-2021-41039:
     An MQTT v5 client connecting with a large number of user-property
     properties could cause excessive CPU usage, leading to a loss of
     performance and possible denial of service.
   * CVE-2023-0809:
     Fix excessive memory being allocated based on malicious initial packets
     that are not CONNECT packets.
   * CVE-2023-3592:
     Fix memory leak when clients send v5 CONNECT packets with a will message
     that contains invalid property types.
   * Fix CVE-2023-28366:
     The broker in Eclipse Mosquitto has a memory leak that can be abused
     remotely when a client sends many QoS 2 messages with duplicate message
     IDs, and fails to respond to PUBREC commands. This occurs because of
     mishandling of EAGAIN from the libc send function.
Checksums-Sha1:
 4da6b1cffd40ce24f2456093006f43bc47140cee 73568 libmosquitto-dev_2.0.11-1+deb11u1_mipsel.deb
 ad435e31ecb4d528e6708938dd6aa8207d061352 101784 libmosquitto1-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 998f43ca6926196344914c3858713616d8c2544b 88424 libmosquitto1_2.0.11-1+deb11u1_mipsel.deb
 42c5ea01d1ad55db70499b6af1eabd222dec9711 54940 libmosquittopp-dev_2.0.11-1+deb11u1_mipsel.deb
 18ed3292d8472f9a9d34f96841d00fddb520e008 15308 libmosquittopp1-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 a2c473d44a764c518601d032e88a51afcaef808b 58464 libmosquittopp1_2.0.11-1+deb11u1_mipsel.deb
 0709b781d4b0fb8520217553b2f9579ff1f0e0e4 127932 mosquitto-clients-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 cc42e4324d2fcc81658e8dd140f325c3c419e454 111532 mosquitto-clients_2.0.11-1+deb11u1_mipsel.deb
 c2ada2c7fc79cb330a33faba5f61dc00d91ed8ba 468468 mosquitto-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 f4620c04cbbc29f8851a7d4b9601ac73324cc387 10076 mosquitto_2.0.11-1+deb11u1_mipsel-buildd.buildinfo
 08652ed1abca6527f9c338bcb842112fd96f7716 253440 mosquitto_2.0.11-1+deb11u1_mipsel.deb
Checksums-Sha256:
 4f4f9c64c001b01ad2820db2abd9bc19e65e9d96f7a1918e1e2cc665c4812c91 73568 libmosquitto-dev_2.0.11-1+deb11u1_mipsel.deb
 fe7a38a9fcad1f24d92c69c3900bb45df5cdf4f747fd46044932474d35b51139 101784 libmosquitto1-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 71e491abe60535fe3240cfb935a46a8dfa6ea5adabc4238d27ba8d9f9d41c087 88424 libmosquitto1_2.0.11-1+deb11u1_mipsel.deb
 78ca1c3da3802533dfd60ab2ea1a6f808583573c55e42b0784452d9ae54d73e2 54940 libmosquittopp-dev_2.0.11-1+deb11u1_mipsel.deb
 3bafa486a6c118921d16b8da170ad7fd3b0cf34bffdd01d86631ba9a19534857 15308 libmosquittopp1-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 060172ff4c8ace95a6571c7446cd150265c712adc3e7d607ffb9ec4e7a0e6c7c 58464 libmosquittopp1_2.0.11-1+deb11u1_mipsel.deb
 79b9dfad3820cdc1e668847ebad8d5caaf6c16d7308e1c84b3eb4606042920a5 127932 mosquitto-clients-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 0c9da8d53487fb658aeebd507a0be083ee6125e29c9586d64a73847cd7d51feb 111532 mosquitto-clients_2.0.11-1+deb11u1_mipsel.deb
 2c9641517cb900910e6f26d5257d381b6e2ba8204d4ab4a477cc15fb2a6ce3ae 468468 mosquitto-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 8bac9a4b9fe07e4e66f11ca7f0cf0fdeaaac3a8feb6a6dc786211e4b40a96a63 10076 mosquitto_2.0.11-1+deb11u1_mipsel-buildd.buildinfo
 adff2ef1053ac7bc55d6d00633c8c582f6670cbf044113cba206b56f31296217 253440 mosquitto_2.0.11-1+deb11u1_mipsel.deb
Files:
 c6902747e54edd51b2eb203e63f6f287 73568 libdevel optional libmosquitto-dev_2.0.11-1+deb11u1_mipsel.deb
 b2f6a6db262bb97d3db342d03e1ad690 101784 debug optional libmosquitto1-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 ae2cddf7c5de314f5134a283dbeb6bf4 88424 libs optional libmosquitto1_2.0.11-1+deb11u1_mipsel.deb
 3449ce9eada057810b45cd49bc720584 54940 libdevel optional libmosquittopp-dev_2.0.11-1+deb11u1_mipsel.deb
 ae8fd85b151db3a90f56384242142d53 15308 debug optional libmosquittopp1-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 1ff870133e56c16eb969613c64bf53b8 58464 libs optional libmosquittopp1_2.0.11-1+deb11u1_mipsel.deb
 6c5e07f74db9b899158cb243db813806 127932 debug optional mosquitto-clients-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 06cb4ddb40ece9d836d83843fcf4bf9d 111532 net optional mosquitto-clients_2.0.11-1+deb11u1_mipsel.deb
 85b0fac2d7d11a1a64b6b0665a8501de 468468 debug optional mosquitto-dbgsym_2.0.11-1+deb11u1_mipsel.deb
 9de11566c4eff94c96df0ee3f17d49b0 10076 net optional mosquitto_2.0.11-1+deb11u1_mipsel-buildd.buildinfo
 3af1ef9837b09a6cb7c90f2fc566a347 253440 net optional mosquitto_2.0.11-1+deb11u1_mipsel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXUZVEjohYGA7PDpMojl408mCs9YFAmUYjcoACgkQojl408mC
s9ZB0g//eqbsrrlcVq7eVd2iWArFz8SYvODvE9ottqKqZRL47juk0cRheZL7/1vU
/rbeBzCdm6pLeljzHhxIHguqA8a2CpDVJDnCRxdAv7WFmE8gelCElzSesgfs3UkK
dhThd8XRo2ezuN6slDKrYHaXI0VSkUBMQi8KK2BDneghDRsFGeLBXRhfBBoUgc5r
ODyw44vvAi0rTlBHETyJw6gmwmZfZiTGoLVERZRUG53HoNJwpU7ZvlF1gBTStgxV
OYr4qZhsiwjIWAF7Sb50RlLMo2Ny16RCST3ZqFo1j27zXq4kwdwZIZIWXmOdv0lB
aRm8l3Q2wwCEtevGMve+EcNMKs7UKTpiiSKAmQ4VRq8qntMFdDZYKMGxiW3CTGPv
LfwWwPTI3wfq4Vyr8GpcFjrlCR3ufjj0zqPQmWYF7hYbV+74YO22sVw8a1NISxNp
3j2kyPapdssapjYYJcSYrduGEq3Sz/W/0bJn2NRU2k5XabVvU0s0c6Si4nWqq8fc
pr1EeHGujtYtcusc5b0IuvRyPmlUlxoD9nXd5qCfWErNwAMu9B5t7jds5xGrgR1Y
oeSIyBEgbi+m3QfQbtQ3rzj4E86XmYH2XhiTuqoPe1yEURAP3kNpiIyn77NMCWhw
C53hs9wBaUjZUtnrEW/XHuz24H2EM07k1lgLIdQfiPQi9XZx1S8=
=xU5+
-----END PGP SIGNATURE-----