Format: 1.8
Date: Sat, 30 Sep 2023 19:28:09 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: armel
Version: 2.0.11-1.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-arm-03)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto  - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.