Format: 1.8
Date: Sat, 30 Sep 2023 19:28:09 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: armhf
Version: 2.0.11-1.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-04)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.