UbuntuUpdates.org

Package "mosquitto"

Name: mosquitto

Description:

MQTT version 3.1/3.1.1 compatible message broker

Latest version: 1.5.7-1ubuntu0.1
Release: disco (19.04)
Level: updates
Repository: universe
Homepage: https://mosquitto.org/

Links

Save this URL for the latest version of "mosquitto": https://www.ubuntuupdates.org/mosquitto


Download "mosquitto"


Other versions of "mosquitto" in Disco

Repository Area Version
base universe 1.5.7-1
security universe 1.5.7-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.5.7-1ubuntu0.1 2019-09-23 18:06:26 UTC

  mosquitto (1.5.7-1ubuntu0.1) disco-security; urgency=high

  * SECURITY UPDATE: If a malicious MQTT client sends a SUBSCRIBE packet
    containing a topic that consists of approximately 65400 or more '/'
    characters, i.e. the topic hierarchy separator, then a stack overflow will
    occur. LP: #1844377.
    - debian/patches/mosquitto-1.5.x-cve-2019-11779.patch: this patch restricts
      the hierarchy depth to 200.
    - CVE-2019-11779

 -- <email address hidden> (Roger A. Light) Wed, 18 Sep 2019 15:11:59 +0000

CVE-2019-11779 In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately



About   -   Send Feedback to @ubuntu_updates