-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 Sep 2023 19:28:09 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: mips64el
Version: 2.0.11-1.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-03)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto  - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.