Back to mosquitto PTS page

Accepted mosquitto 1.6.6-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted mosquitto 1.6.6-1 (source) into unstable
From: roger@atchoo.org (Roger A. Light)
Date: Wed, 18 Sep 2019 08:50:33 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1iAVfV-0000ZA-9c@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Sep 2019 18:41:36 +0100
Source: mosquitto
Architecture: source
Version: 1.6.6-1
Distribution: unstable
Urgency: high
Maintainer: Roger A. Light <roger@atchoo.org>
Changed-By: Roger A. Light <roger@atchoo.org>
Closes: 940229
Changes:
 mosquitto (1.6.6-1) unstable; urgency=high
 .
   * SECURITY UPDATE: If an MQTT v5 client connects to Mosquitto, sets a last
     will and testament, sets a will delay interval, sets a session expiry
     interval, and the will delay interval is set longer than the session
     expiry interval, then a use after free error occurs, which has the
     potential to cause a crash in some situations.
     - CVE awaiting assignment
   * SECURITY UPDATE: If a malicious MQTT client sends a SUBSCRIBE packet
     containing a topic that consists of approximately 65400 or more '/'
     characters, i.e. the topic hierarchy separator, then a stack overflow will
     occur.
     - CVE awaiting assignment
   * New upstream release.
   * Remove bug-1367.patch.
   * Don't use killall in mosquitto.logrotate. Closes: #940229.
Checksums-Sha1:
 45382cbb0055da2f9d1e21d2918b54f5da0b8315 2552 mosquitto_1.6.6-1.dsc
 ac59325413df2b320faea52514c817682dea9826 589676 mosquitto_1.6.6.orig.tar.gz
 0bf0ca9bb97a59f2228bdb77fb218f4a6b573098 833 mosquitto_1.6.6.orig.tar.gz.asc
 ae8d2173e06742b2398ca73b51ca48b70a7ee9c4 17488 mosquitto_1.6.6-1.debian.tar.xz
 9a92a2af9885adaaf5a29c8f2f545322e37e052f 8527 mosquitto_1.6.6-1_amd64.buildinfo
Checksums-Sha256:
 c390a30bc9b685aca4ec5667c88f35d91f4c208c265be763f37fb638090af0e8 2552 mosquitto_1.6.6-1.dsc
 82676bf4201ff102be1511b56b041a9450fbbfeda40b21aa28be0fee56e8de17 589676 mosquitto_1.6.6.orig.tar.gz
 9b43e0de358e2850e54777cab7ce04a1ab86dc4b356a5803ceabbd7beb0c9b64 833 mosquitto_1.6.6.orig.tar.gz.asc
 ae04f1f5386c8114175094d12207f30c1ca75830d1fde99894588ee9b121235e 17488 mosquitto_1.6.6-1.debian.tar.xz
 68f3724a59094693fc006a322b0d5d3bbaa5e69f0a5d720b28f0cee74234ab8e 8527 mosquitto_1.6.6-1_amd64.buildinfo
Files:
 f783935680c65e3bf2a30ef8b2288d2a 2552 net optional mosquitto_1.6.6-1.dsc
 529b6de33bac18363c2db46194d8d91c 589676 net optional mosquitto_1.6.6.orig.tar.gz
 085c7616539607ed9a80d7f00b0bd31b 833 net optional mosquitto_1.6.6.orig.tar.gz.asc
 81aa9a8d8302f34d039823425d163dbb 17488 net optional mosquitto_1.6.6-1.debian.tar.xz
 56c4fad4af7687c40f12394cf9ce4c50 8527 net optional mosquitto_1.6.6-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE+uHltkZSvnmOJ4zCC8R9xk0TUwYFAl2B7hYACgkQC8R9xk0T
UwbR0Q//VOEJvdcyf34ewyi6LVChS5/rbFVAVJBiYJweAROaA7S7PiIwvKc6QvtV
vatGnC7UtM6hA4FXoYuJ6idrxVQFz12iQfamCHV1rzvMml/yaexBWjmQLHO9tJbK
D1KcNsMrR3N4atv2Qavea0zBeQKhj6hAoxmR0F8ien6Z1ld8ReghL+nxRWtAR0lv
KXf0/mkwlbdQFcEuLwu5uFvMgSnzSKLGVxJqVKmFTJDN1GhmRM9bdKjjFjF7ElLG
il5yG45/it6gy2rEdH0UpnUi+7TlShtwk/mJantP1BEE+BWF/dxYBN1/eqyUVuXn
U/pFmdDdv6vsIYLnUM7dyNWiPSy5vaVwHGgtIgyeLNO+Mg5Jd7AUXqL5j7r/uzE3
wyEhsp7L813i7ynRvvlXaSxhb8vGCoC7cDPpmYXll9HPwLEbZOLrAar20EBYPJuf
O7vv7j8GZ4na3Jf9+I4ptDii4jPRe89zCHCVDfhueHTOwVdlfn3PpU52wCvohdi/
ioQCNOoO8UbQra8Adf+ozKKz5+hHfPM4VgZL0i+Y+LwXtEDH12+tpROnhtAz3Ygw
3x92LpVhxxizb7tmMuXffTCJj4PFH+8kyS4m2eGtiWs/0yAPqADKssFOZnr394WZ
Eb5iRUHubfJyz2oEI0hQKKD/sBz8U5IlGFP8FKMjUqTNV+I1Lqg=
=wobZ
-----END PGP SIGNATURE-----