Format: 1.8
Date: Sat, 30 Sep 2023 19:28:09 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: amd64
Version: 2.0.11-1.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto  - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.