Accepted mosquitto 1.3.4-2+deb8u1 (all source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 May 2017 22:14:40 +0100
Source: mosquitto
Binary: mosquitto libmosquitto1 libmosquitto-dev libmosquittopp1 libmosquittopp-dev mosquitto-clients python-mosquitto python3-mosquitto mosquitto-dbg
Architecture: all source
Version: 1.3.4-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Roger A. Light <roger@atchoo.org>
Changed-By: Roger A. Light <roger@atchoo.org>
Description:
libmosquitto-dev - MQTT version 3.1 client library, development files
libmosquitto1 - MQTT version 3.1 client library
libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
libmosquittopp1 - MQTT version 3.1 client C++ library
mosquitto - MQTT version 3.1/3.1.1 compatible message broker
mosquitto-clients - Mosquitto command line MQTT clients
mosquitto-dbg - debugging symbols for mosquitto binaries
python-mosquitto - MQTT version 3.1 Python client library
python3-mosquitto - MQTT version 3.1 Python 3 client library
Changes:
mosquitto (1.3.4-2+deb8u1) jessie-security; urgency=high
.
* SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id
set to '+' or '#'.
- debian/patches/mosquitto-1.3.4_cve-2017-7650.patch: Reject send/receive
of messages to/from clients with a '+', '#' or '/' in their
username/client id.
- CVE-2017-7650
Checksums-Sha1:
98facc536c2247fce32ee77a0ae6f049fe08bda3 2630 mosquitto_1.3.4-2+deb8u1.dsc
b818672cc0db723995d7c3201ef6962931dd891a 351761 mosquitto_1.3.4.orig.tar.gz
593e01088f985634f49f27ee018e80af5278e811 21116 mosquitto_1.3.4-2+deb8u1.debian.tar.xz
b3db3d63d50a97b6735487e918cfe77cb8d90e84 32458 libmosquitto-dev_1.3.4-2+deb8u1_all.deb
9cb5b2de5e4955dcbe48e22fb6e5d17c50e7916f 21178 libmosquittopp-dev_1.3.4-2+deb8u1_all.deb
632c5ff2a3d2fd3ed63d7cdf9eeeb1168e8c9b9b 34756 python-mosquitto_1.3.4-2+deb8u1_all.deb
c36958525149c713e77dd78639083234386f7f7c 34838 python3-mosquitto_1.3.4-2+deb8u1_all.deb
Checksums-Sha256:
7d3d25d3bd94467648f08b0e2f0f0a7d436d6dc555fec6f9e7cb6132868c99e3 2630 mosquitto_1.3.4-2+deb8u1.dsc
0a3982d6b875a458909c8828731da04772035468700fa7eb2f0885f4bd6d0dbc 351761 mosquitto_1.3.4.orig.tar.gz
10d4428f9768e908500fe38b8e6d3ea9e949c48a187c713a7dc2277706bf75e1 21116 mosquitto_1.3.4-2+deb8u1.debian.tar.xz
8173bef40ab8d76ac7f329275cf3d18d5df322fa8fde2e429b7076482a20d48b 32458 libmosquitto-dev_1.3.4-2+deb8u1_all.deb
3c43b4c9b489b123e17da7d3a02c408fdf0675d5ba8f52cf6a03d00f75290f32 21178 libmosquittopp-dev_1.3.4-2+deb8u1_all.deb
65ccc6210cb9213b4481e1c99588398473868cf0072d3a3a6860501efb597c40 34756 python-mosquitto_1.3.4-2+deb8u1_all.deb
88e4a5a4469e332bd8ee20e086f44e375ec0467e073324fbd866d5dfbf5b3f45 34838 python3-mosquitto_1.3.4-2+deb8u1_all.deb
Files:
87784aec657203e3863e664dc3c43ebf 2630 net optional mosquitto_1.3.4-2+deb8u1.dsc
9d729849efd74c6e3eee17a4a002e1e9 351761 net optional mosquitto_1.3.4.orig.tar.gz
49e883311c9b3fc8f076108dd64d6d9f 21116 net optional mosquitto_1.3.4-2+deb8u1.debian.tar.xz
9f09837d1aa40805734c1ea1c26d492d 32458 libdevel optional libmosquitto-dev_1.3.4-2+deb8u1_all.deb
7a390bacb6929970c51f8869ba35eed0 21178 libdevel optional libmosquittopp-dev_1.3.4-2+deb8u1_all.deb
a667df086651773673d6f535d97bb03d 34756 python optional python-mosquitto_1.3.4-2+deb8u1_all.deb
7bc0b38cf95ac96319f1feabd230bfd7 34838 python optional python3-mosquitto_1.3.4-2+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkrsKNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EfAkP/j0vZl1eoB9QmQNC6ZPK6Cz/dAyf1e9F
QGF0c9TuGDWw3+/ug5w7T6+WETlygafOCSE5DOuJKC/tvfhYc+5q3W5C3o7c458+
QQVgudrOD397se1FnlB3KsG/CAnBzS6fIC5AGetqdaMqa3OsYqS3r6xHlzKzAAtb
DQP9SDBayRO7NOq9bTu5szCDeiNcEP86s2F1QWShsFu997Lf76Y2Hg4ZOoOkOKjc
sq4APPkI8X2tYQAJ3G/HV9HMdsYTadKp3T//aiMHvQRxh0OvRRRgBigycBxe+mQQ
31P0gacZl7vIbPJMXbaLsB5KFz3gJAdzACMSoZehDTsDTUHndxry7ROHar0p1Plh
lNCIxg/WJjNmT31Ud3qMqtuGS2U4vdfxxWyP9TNei8eUD7rnKvGjhQuUIZC6FQwl
b+hhejxOcWaTgahad/SLwNbDMXIBvzx7L1wokNiMUu1GUiI/RYEBtuO0TExlGhPd
mvZF2EY359tO8hkPQqGv83kuIEOjM3Ij9r+pxuPsC3JSSFyH56av1qTYXRX/jICi
wzctr4sFK8gn03jAvMbZb8Rv6Cv408tVgYHtLUuhR04Vx2H47kfGhsqO0GW8a8NU
OxIIXPrP/buHa2Xicr9pQgBrC6mLMSDc3LEn0dawX+qEEhCl2kIN4O8Z8lEtDavA
9btaHhAWZu78
=OMDj
-----END PGP SIGNATURE-----