[ubuntu/lunar-security] mosquitto 2.0.11-1.2ubuntu0.1 (Accepted)
Amir Naseredini
amir.naseredini at canonical.com
Tue Nov 21 12:05:27 UTC 2023
mosquitto (2.0.11-1.2ubuntu0.1) lunar-security; urgency=medium
* SECURITY UPDATE: Authorization bypass
- debian/patches/CVE-2021-34434.patch: Fix $share subscriptions not
being recovered for durable clients
- CVE-2021-34434
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2023-0809.patch: Fix excessive memory usage.
- debian/patches/CVE-2023-3592.patch: Fix memory leak when clients
send v5 CONNECT packets.
- debian/patches/CVE-2023-28366-1.patch: Fix memory leak in broker
- debian/patches/CVE-2023-28366-2.patch: Fix regression
- CVE-2023-0809
- CVE-2023-3592
- CVE-2023-28366
Date: 2023-11-21 10:12:13.026021+00:00
Changed-By: Giampaolo Fresi Roglia <giampaolo.fresi.roglia at canonical.com>
Signed-By: Amir Naseredini <amir.naseredini at canonical.com>
https://launchpad.net/ubuntu/+source/mosquitto/2.0.11-1.2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the lunar-changes
mailing list