Accepted mosquitto 0.15-2+deb7u1 (source amd64 all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 29 May 2017 20:49:33 CEST
Source: mosquitto
Binary: mosquitto libmosquitto0 libmosquitto0-dev libmosquittopp0 libmosquittopp0-dev mosquitto-clients python-mosquitto
Architecture: source amd64 all
Version: 0.15-2+deb7u1
Distribution: oldstable
Urgency: high
Maintainer: Roger A. Light <roger@atchoo.org>
Changed-By: Roger A. Light <roger@atchoo.org>
Description:
libmosquitto0 - MQTT version 3.1 client library
libmosquitto0-dev - MQTT version 3.1 client library, development files
libmosquittopp0 - MQTT version 3.1 client C++ library
libmosquittopp0-dev - MQTT version 3.1 client C++ library, development files
mosquitto - MQTT version 3.1 compatible message broker
mosquitto-clients - Mosquitto command line MQTT clients
python-mosquitto - MQTT version 3.1 client library, python bindings
Changes:
mosquitto (0.15-2+deb7u1) wheezy-security; urgency=high
.
* SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id
set to '+' or '#'.
- debian/patches/mosquitto-0.15_cve-2017-7650.patch: Reject send/receive
of messages to/from clients with a '+', '#' or '/' in their
username/client id.
- CVE-2017-7650
Checksums-Sha256:
e16a84a7d431d9f4f4b783ff16518dd624ad34b7184343f7d8c4f1fdf2994c84 2233 mosquitto_0.15-2+deb7u1.dsc
ed2839501f7238bd21e275e44e40083ddd9a17c156d9f599df125a70c75c69a2 7232 mosquitto_0.15-2+deb7u1.debian.tar.xz
7b872cf29d28d31dca0a8ad0fc5ca08fcc8052a7087b09845aa4da52938c1bbf 68492 mosquitto_0.15-2+deb7u1_amd64.deb
e1cc9e1d0e6d871e64a26de13d60185dfbf87849a4c96c64c504d2dfbae107c3 25544 libmosquitto0_0.15-2+deb7u1_amd64.deb
0186d3f1b4c1090e448e5c2380465e28b13208cbc2778ceadaff72ca9f7c146f 19570 libmosquitto0-dev_0.15-2+deb7u1_all.deb
3481bb50c52de4d3fd0240b4611cd22a3f040cedc961a4c714840f083bfacee7 16090 libmosquittopp0_0.15-2+deb7u1_amd64.deb
3431c7059680905c8ea86a87803533ca552c714602f063d4338fb82cef591c0e 12556 libmosquittopp0-dev_0.15-2+deb7u1_all.deb
0f1670e62fd62b63a1ff8a35b8211c0973365d42f9ddf79a938b0229ff3173c8 28350 mosquitto-clients_0.15-2+deb7u1_amd64.deb
59a27bd573d27347c799b786ae313827ccf9babdaa074bb530a1b20d6dc8e6f4 17462 python-mosquitto_0.15-2+deb7u1_all.deb
9d4c26fc99392150f57ae938fb03659cea4df7f31f5abb2e46ccfb7cedc23a54 148297 mosquitto_0.15.orig.tar.gz
Checksums-Sha1:
9841713d0805936f61168babc0f3050ae756ee73 2233 mosquitto_0.15-2+deb7u1.dsc
647f373af0540c04347879d4c98c939bb0c8e452 7232 mosquitto_0.15-2+deb7u1.debian.tar.xz
ed223293d94068bcdb91dd20ac3001f5fe6a12a7 68492 mosquitto_0.15-2+deb7u1_amd64.deb
be262b1ba55c7e4ea49049c9d2719341d79d2a0e 25544 libmosquitto0_0.15-2+deb7u1_amd64.deb
1b74790c6a2734906df73cb19e3282bd262e0146 19570 libmosquitto0-dev_0.15-2+deb7u1_all.deb
f7ee047545ac48d728f33ac8d3bd755b16651ba3 16090 libmosquittopp0_0.15-2+deb7u1_amd64.deb
c45d317ab2c5260aa47719120036062d36e582c3 12556 libmosquittopp0-dev_0.15-2+deb7u1_all.deb
6ea0b72c1e31c42d4d35ec56e7c0564c5d5a8fd7 28350 mosquitto-clients_0.15-2+deb7u1_amd64.deb
8cdbfcde13b9b5f770ac9cc731ae904d279e836f 17462 python-mosquitto_0.15-2+deb7u1_all.deb
ca2b7ed150c6a65baf09f62184d92ceef37fdea8 148297 mosquitto_0.15.orig.tar.gz
Files:
1cacce2fcea292c6a0fd4d33c5c31817 2233 net optional mosquitto_0.15-2+deb7u1.dsc
6a5acdb11fb6f9d8c35945d81200b47b 7232 net optional mosquitto_0.15-2+deb7u1.debian.tar.xz
e46b9f829781980d2610a572437c54f0 68492 net optional mosquitto_0.15-2+deb7u1_amd64.deb
cb7295d783b1d54a8425e59bf0386f17 25544 libs optional libmosquitto0_0.15-2+deb7u1_amd64.deb
2f919d28074ba55e844134de7a6b0305 19570 libdevel optional libmosquitto0-dev_0.15-2+deb7u1_all.deb
3d8cea585f0c16b24115e91cf3a295f8 16090 libs optional libmosquittopp0_0.15-2+deb7u1_amd64.deb
674b7f34482e84edee4263477d467ea7 12556 libdevel optional libmosquittopp0-dev_0.15-2+deb7u1_all.deb
d94f45df84f479a29b90b61db9799eb7 28350 net optional mosquitto-clients_0.15-2+deb7u1_amd64.deb
51d057c5d6ee6c0e7e0c8704d67ad9bb 17462 python optional python-mosquitto_0.15-2+deb7u1_all.deb
7ae0ac38f1f379578ab5530e5dc7269e 148297 net optional mosquitto_0.15.orig.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJZLG1LAAoJEPNPCXROn13ZZz0P/RrbJs4F4051bjT6tMf8Y5EX
+xqp/YYEY0PddTYvmqrjKSUWdnanSMmNSsQERSVaJXPgW/zEm+f/oeQ87dsa6kBB
WRw6mgIOQi3ZHchjuVWlXcPbt0DRj2ClnF28wo6EULaYV86afSbQA1GNFEg23B1A
0WhfrQl1SOqAAqsrlNNR+mmdNlLrt1yjeor9yyk+/ePkwxU0FG399TeA9MlNR8GO
N7f/hCOrO4RxQOx7iCIP7ZHJOpnF5zhyYGbBgHwBJeGkKFKkmmdqwvPiQUcIEkei
o2O5lU9caZbwj/EP3lT1g2fBHvY0X4KBsCWSvA6tPJ0qtOyDP3IulujdJzD8M8Jo
s/bP0TqGlaGlNc60/ImOsbisBCuA4BXCHU++Bq8LV3lCnbbhFbvKi/S2nJevDdHL
f/tt8oWNORvPsEEZkQSQ7MTxguB6qFoQNLESURvv3kMJwcL13TCXlkn2gyjvpQ1f
ujpqdw87zFb/JiJpbHdupBvGCoas8YvHvHEsUyIeMs7WSWyo9SoqvlKSdQhMDehk
FsRMLdVvVh4PZ5FWvlHXpUVQI6LajX2xsMXnFjJI2QP9rbbBySJwvP9DGRmvVQIV
m1JpMFDKitAXUdvXA5AJOWxAMpdwYiYw5qEgioni9wh825bCLYhSBritjZUvwkcD
jm4SLtfqJRb+f/5AxeE5
=D/0P
-----END PGP SIGNATURE-----