Format: 1.8
Date: Sat, 30 Sep 2023 16:50:16 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: s390x
Version: 2.0.11-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: s390x Build Daemon (zani)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.