Comment 14 for bug 1692818

This bug was fixed in the package mosquitto - 1.4.8-1ubuntu0.16.10.1

---------------
mosquitto (1.4.8-1ubuntu0.16.10.1) yakkety-security; urgency=low

  * SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id
    set to '+' or '#' (LP: #1692818).
    - debian/patches/mosquitto-0.15_cve-2017-7650.patch: Reject send/receive
      of messages to/from clients with a '+', '#' or '/' in their
      username/client id.
    - CVE-2017-7650

 -- <email address hidden> (Roger A. Light) Tue, 23 May 2017 22:14:40 +0100