Format: 1.8
Date: Sat, 30 Sep 2023 19:28:09 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: mipsel
Version: 2.0.11-1.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-05)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, a MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.