Format: 1.8
Date: Sat, 30 Sep 2023 19:28:09 +0200
Source: mosquitto
Binary: libmosquitto-dev libmosquitto1 libmosquitto1-dbgsym libmosquittopp-dev libmosquittopp1 libmosquittopp1-dbgsym mosquitto mosquitto-clients mosquitto-clients-dbgsym mosquitto-dbgsym
Architecture: s390x
Version: 2.0.11-1.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Markus Koschany
Description:
 libmosquitto-dev - MQTT version 5.0/3.1.1/3.1 client library, development files
 libmosquitto1 - MQTT version 5.0/3.1.1/3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 5.0/3.1.1/3.1 client C++ library
 mosquitto - MQTT version 5.0/3.1.1/3.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
Changes:
 mosquitto (2.0.11-1.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Several security vulnerabilities have been discovered in mosquitto, an MQTT
     compatible message broker, which may be abused for a denial of service
     attack.
   * CVE-2021-34434: In Eclipse Mosquitto when using the dynamic security
     plugin, if the ability for a client to make subscriptions on a topic is
     revoked when a durable client is offline, then existing subscriptions for
     that client are not revoked.
   * CVE-2021-41039: An MQTT v5 client connecting with a large number of
     user-property properties could cause excessive CPU usage, leading to a
     loss of performance and possible denial of service.
   * CVE-2023-0809: Fix excessive memory being allocated based on malicious
     initial packets that are not CONNECT packets.
   * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
     will message that contains invalid property types.
   * Fix CVE-2023-28366: The broker in Eclipse Mosquitto has a memory leak that
     can be abused remotely when a client sends many QoS 2 messages with
     duplicate message IDs, and fails to respond to PUBREC commands. This
     occurs because of mishandling of EAGAIN from the libc send function.