* SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id
set to '+' or '#' (LP: #1692818).
- debian/patches/mosquitto-0.15_cve-2017-7650.patch: Reject send/receive
of messages to/from clients with a '+', '#' or '/' in their
username/client id.
- CVE-2017-7650
-- <email address hidden> (Roger A. Light) Tue, 23 May 2017 22:14:40 +0100
This bug was fixed in the package mosquitto - 0.15-2ubuntu1.1
---------------
mosquitto (0.15-2ubuntu1.1) trusty-security; urgency=low
* SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id patches/ mosquitto- 0.15_cve- 2017-7650. patch: Reject send/receive client id.
set to '+' or '#' (LP: #1692818).
- debian/
of messages to/from clients with a '+', '#' or '/' in their
username/
- CVE-2017-7650
-- <email address hidden> (Roger A. Light) Tue, 23 May 2017 22:14:40 +0100