mosquitto 1.5.6-1 source package in Ubuntu
Changelog
mosquitto (1.5.6-1) unstable; urgency=medium

  * SECURITY UPDATE: If Mosquitto is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.
    - debian/patches/mosquitto-1.4.x-cve-2018-12551.patch: this fix introduces more stringent parsing tests on the password file data.
    - CVE-2018-12551
  * SECURITY UPDATE: If an ACL file is empty, or has only blank lines or comments, then mosquitto treats the ACL file as not being defined, which means that no topic access is denied. Although denying access to all topics is not a useful configuration, this behaviour is unexpected and could lead to access being incorrectly granted in some circumstances.
    - debian/patches/mosquitto-1.4.x-cve-2018-12550.patch: this fix ensures that if an ACL file is defined but no rules are defined, then access will be denied.
    - CVE-2018-12550
  * SECURITY UPDATE: If a client publishes a retained message to a topic that they have access to, and then their access to that topic is revoked, the retained message will still be delivered to future subscribers. This behaviour may be undesirable in some applications, so a configuration option `check_retain_source` has been introduced to enforce checking of the retained message source on publish.
    - debian/patches/mosquitto-1.4.8-cve-2018-12546.patch: this patch stores the originator of the retained message, so security checking can be carried out before re-publishing. The complexity of the patch is due to the need to save this information across broker restarts.
    - CVE-2018-12546
  * New upstream release.
  * Bump standards version to 4.3.0, no changes needed.
  * fix-step3.patch: fix compilation error.

 -- Roger A. Light <email address hidden> Thu, 07 Feb 2019 16:00:52 +0000
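An added example, not code from Mosquitto or the Debian patches: a pre-deployment audit for the two file conditions the changelog above describes (CVE-2018-12551 and CVE-2018-12550). It assumes the one-entry-per-line `username:hash` layout that mosquitto_passwd writes and `#` as the ACL comment marker; the function names and sample data are constructed for illustration.

```python
# Audit helper (added example). Assumptions: password entries are
# "username:hash", one per line; ACL comments start with '#'.

def audit_password_file(text):
    """Return (line_number, reason) for each line that is not a complete entry."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            # The changelog notes a blank line was accepted as an empty username.
            findings.append((number, "blank line"))
            continue
        user, sep, secret = line.partition(":")
        if not sep:
            findings.append((number, "missing ':' separator"))
        elif not user.strip():
            findings.append((number, "empty username"))
        elif not secret.strip():
            findings.append((number, "empty password field"))
    return findings


def acl_has_rules(text):
    """False when the ACL file is empty or holds only blank lines and comments."""
    return any(
        line.strip() and not line.lstrip().startswith("#")
        for line in text.splitlines()
    )


# Constructed sample data; the hash strings are placeholders, not real hashes.
SAMPLE_PASSWD = (
    "alice:$6$c2FsdA==$aGFzaA==\n"   # well-formed entry
    "\n"                             # blank line
    "bob\n"                          # no separator, no password
    ":$6$c2FsdA==$aGFzaA==\n"        # empty username
    "carol:\n"                       # empty password field
)
SAMPLE_EMPTY_ACL = "# rules removed during maintenance\n\n   \n"

if __name__ == "__main__":
    for number, reason in audit_password_file(SAMPLE_PASSWD):
        print(f"password file line {number}: {reason}")
    if not acl_has_rules(SAMPLE_EMPTY_ACL):
        print("ACL file defines no rules")
```

Running it against hand-edited files before a broker reload flags the lines that need attention on either side of the upgrade.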
Upload details
- Uploaded by: Roger Light
- Uploaded to: Sid
- Original maintainer: Roger Light
- Architectures: any all
- Section: net
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
mosquitto_1.5.6-1.dsc | 2.2 KiB | 4c74e7c67559dbf949007b36b43629c098f138d593d9da890840401ffcdb0ea2 |
mosquitto_1.5.6.orig.tar.gz | 429.1 KiB | d5bdc13cc668350026376d57fc14de10aaee029f6840707677637d15e0751a40 |
mosquitto_1.5.6-1.debian.tar.xz | 16.8 KiB | b13f7ee7653f5d99891e6c860078491bf88f5bd55fc415cba442e0758b5e5e4d |
Available diffs
- diff from 1.5.5-1.1 to 1.5.6-1 (24.1 KiB)
No changes file available.
Binary packages built by this source
- libmosquitto-dev: No summary available for libmosquitto-dev in ubuntu disco.
No description available for libmosquitto-dev in ubuntu disco.
- libmosquitto1: No summary available for libmosquitto1 in ubuntu disco.
No description available for libmosquitto1 in ubuntu disco.
- libmosquitto1-dbgsym: No summary available for libmosquitto1-dbgsym in ubuntu disco.
No description available for libmosquitto1-dbgsym in ubuntu disco.
- libmosquittopp-dev: No summary available for libmosquittopp-dev in ubuntu disco.
No description available for libmosquittopp-dev in ubuntu disco.
- libmosquittopp1: No summary available for libmosquittopp1 in ubuntu disco.
No description available for libmosquittopp1 in ubuntu disco.
- libmosquittopp1-dbgsym: No summary available for libmosquittopp1-dbgsym in ubuntu disco.
No description available for libmosquittopp1-dbgsym in ubuntu disco.
- mosquitto: No summary available for mosquitto in ubuntu disco.
No description available for mosquitto in ubuntu disco.
- mosquitto-clients: No summary available for mosquitto-clients in ubuntu disco.
No description available for mosquitto-clients in ubuntu disco.
- mosquitto-clients-dbgsym: No summary available for mosquitto-clients-dbgsym in ubuntu disco.
No description available for mosquitto-clients-dbgsym in ubuntu disco.
- mosquitto-dbgsym: No summary available for mosquitto-dbgsym in ubuntu disco.
No description available for mosquitto-dbgsym in ubuntu disco.
- mosquitto-dev: No summary available for mosquitto-dev in ubuntu disco.
No description available for mosquitto-dev in ubuntu disco.