Accepted mosquitto 1.4.15-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 28 Feb 2018 11:29:47 +0000
Source: mosquitto
Binary: mosquitto mosquitto-dev libmosquitto1 libmosquitto-dev libmosquittopp1 libmosquittopp-dev mosquitto-clients mosquitto-dbg libmosquitto1-dbg libmosquittopp1-dbg
Architecture: source
Version: 1.4.15-1
Distribution: unstable
Urgency: high
Maintainer: Roger A. Light <roger@atchoo.org>
Changed-By: Roger A. Light <roger@atchoo.org>
Description:
libmosquitto-dev - MQTT version 3.1/3.1.1 client library, development files
libmosquitto1 - MQTT version 3.1/3.1.1 client library
libmosquitto1-dbg - debugging symbols for libmosquitto binaries
libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
libmosquittopp1 - MQTT version 3.1/3.1.1 client C++ library
libmosquittopp1-dbg - debugging symbols for libmosquittopp binaries
mosquitto - MQTT version 3.1/3.1.1 compatible message broker
mosquitto-clients - Mosquitto command line MQTT clients
mosquitto-dbg - debugging symbols for mosquitto binaries
mosquitto-dev - Development files for Mosquitto
Changes:
mosquitto (1.4.15-1) unstable; urgency=high
.
* SECURITY UPDATE: If a SIGHUP is sent to the broker when there are no more
file descriptors, then opening the configuration file will fail and
security settings will be set back to their default values.
- debian/patches/mosquitto-1.4.10_cve-2017-7652.patch: When reloading
configuration, do this into a separate config struct. If nothing fails,
then copy the new config over the old config.
- CVE-2017-7652
* SECURITY UPDATE: Unauthenticated clients can cause excessive memory usage.
This has the potential to lead to an OOM situation and the broker being
killed by the system.
- debian/patches/mosquitto-1.4.10_cve-2017-7652.patch: Limit the maximum
size of CONNECT packet to a reasonable value, and add "memory_limit"
option to set the maximum memory the broker will use.
- CVE-2017-7651
* New upstream release.
* Remove upstart support, which had accidently been reinstated in 1.4.14-2.
* Bumped standards version to 4.1.3, no changes required.
* Fix global-files-wildcard-not-first-paragraph-in-dep5-copyright.
Checksums-Sha1:
3ef1d939e790a9622ef0636c9467b28f76ff6498 2492 mosquitto_1.4.15-1.dsc
e3216a608b19ec56341e0897a12cb178f0b085ca 368961 mosquitto_1.4.15.orig.tar.gz
4fbbc2e82f2dcab0f2d8d1ca429f394121cc46cc 25832 mosquitto_1.4.15-1.debian.tar.xz
fc8a093f9a43b60831cca471f0ba0866bf846346 6725 mosquitto_1.4.15-1_source.buildinfo
Checksums-Sha256:
72596ccb967b942634f01febc36b43085cc25b3b7f48b14e2242b1b1be04554f 2492 mosquitto_1.4.15-1.dsc
7d3b3e245a3b4ec94b05678c8199c806359737949f4cfe0bf936184f6ca89a83 368961 mosquitto_1.4.15.orig.tar.gz
81380e304f5303750ff1f3b161256845a9b0bcb6112013a82d984006e5b674e4 25832 mosquitto_1.4.15-1.debian.tar.xz
4a06a4540ee47a2cd29f4e76b68f853432f4590af75323e84003667534a24d5b 6725 mosquitto_1.4.15-1_source.buildinfo
Files:
88a2c5abd4af2b101514f730462f4f99 2492 net optional mosquitto_1.4.15-1.dsc
546cb1ce35cc3f7d23e6d2f1f9a962e7 368961 net optional mosquitto_1.4.15.orig.tar.gz
4b1f5d77ed3a3fd8f3bde304edc42137 25832 net optional mosquitto_1.4.15-1.debian.tar.xz
9faf4cd2bb4129307bad077e373b2abd 6725 net optional mosquitto_1.4.15-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJal+rHAAoJEPNPCXROn13ZMR0P/Rdqw66kwCyProcSR1zD4RhZ
uyIGF1x3Zn7SzstsIuFQ+iJPBjlkYt6hXwRKGDX1MaqXuVO5i/lWosnngL4b0kg9
in5vat3+3kvNO/a6GFjKPQspad/cYd/kx5kUKJTivIPFG26ZVx47744HFTnrinKE
5rZwTORrWl+M/5o0I9eNUAfNDQk6oEYNtKVS+phXZgH6DEkq0JAQETM2R4HYpFqX
l2We7LXN6ado/tRkVxOjQZIxkmqKaQRMlh+OJUKhkL5ZYbfA8ZQSQLGJG7JPNmtk
WyuJBXu3V6yqgVuqtHT8wp4Zor/XOSPNUPuBLN5FTur25IWNu7idbqCcWLPQPkIp
3J0IqjJpZSxppg5nf/Z2WbIhlnuwVUGLJe1v33mgv6TVfEyQI2ueECZHNlrcAgsy
iw7dUVSBGBCbpbWrBBAQH43V/2Tp6WWfHR3Tb0kyiBx+BgTAHXIWTYz1nTDJeZRg
rPKuz3dy7ltP/56C3rMVrdBApD9HHE+t1vtuby6+qxatmavye5UfqLYk6ngThs8+
EAPYfuu3QQ0btB29i2bUOlEuFVcB+rFKIGZ01qOPR4+ZZrUsU2adknjBzxg/B28X
OW2OzQaDf3BsjzYAgTBhDP4UlSfIKqJbvgvgFKVaZSCLhKpbClNVr+BLoAm07/QD
7Cb3Rdd8rVK9t6uxZiZx
=wHov
-----END PGP SIGNATURE-----