Format: 1.8
Date: Sat, 30 Sep 2023 19:28:09 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: i386
Version: 2.0.11-1.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.