-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 Sep 2023 19:28:09 +0200
Source: mosquitto
Binary: mosquitto-dev
Architecture: all
Version: 2.0.11-1.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Markus Koschany
Description:
 mosquitto-dev - Development files for Mosquitto
Changes:
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.
Checksums-Sha1:
 2983e4d6fda3e8e356beb25c556a08e4c6398dd7 55544 mosquitto-dev_2.0.11-1.2+deb12u1_all.deb
 72d8741f141b6515f325dc1f7a636a95fcacc567 7294 mosquitto_2.0.11-1.2+deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 200b7fc7c0f5f3030be0fab8cf8ca008d189457aceb271cdcc717dd5b1e59d7b 55544 mosquitto-dev_2.0.11-1.2+deb12u1_all.deb
 9b61fc8e5acd2a8020e9ff033e698d03b1c0307064c82f27f7d2712847145c78 7294 mosquitto_2.0.11-1.2+deb12u1_all-buildd.buildinfo
Files:
 b0990440a8a118803da4b7cc4446d668 55544 devel optional mosquitto-dev_2.0.11-1.2+deb12u1_all.deb
 fa9ea1f24097c5b29f4f52689f16dad8 7294 net optional mosquitto_2.0.11-1.2+deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----