UbuntuUpdates.org

Package "mosquitto-clients"

Name: mosquitto-clients

Description:

Mosquitto command line MQTT clients

Latest version: 0.15-2+deb7u3ubuntu0.1
Release: trusty (14.04)
Level: updates
Repository: universe
Head package: mosquitto
Homepage: http://mosquitto.org/

Links


Download "mosquitto-clients"


Other versions of "mosquitto-clients" in Trusty

Repository Area Version
base universe 0.15-2ubuntu1
security universe 0.15-2+deb7u3ubuntu0.1

Changelog

Version: 0.15-2+deb7u3ubuntu0.1 2018-09-05 19:06:50 UTC

  mosquitto (0.15-2+deb7u3ubuntu0.1) trusty-security; urgency=medium

  * Merge from Debian. Remaining changes:
    - Install apparmor profile.
    - Replace init script with upstart script.

 -- Eduardo Barretto <email address hidden> Tue, 04 Sep 2018 16:54:44 -0300

Source diff to previous version

Version: 0.15-2ubuntu1.2 2017-08-04 03:06:44 UTC

  mosquitto (0.15-2ubuntu1.2) trusty-security; urgency=low

  * SECURITY UPDATE: Persistence file is world readable, which may expose
    sensitive data (LP: #1700490).
    - debian/patches/mosquitto-1.3.4_cve-2017-9868.patch: Set umask to
      restrict persistence file read access to owner.
    - CVE-2017-9868

 -- <email address hidden> (Roger A. Light) Mon, 26 Jun 2017 09:31:02 +0100

Source diff to previous version
1700490 Persistence file is world readable
CVE-2017-9868 In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic infor

Version: 0.15-2ubuntu1.1 2017-05-31 10:06:38 UTC

  mosquitto (0.15-2ubuntu1.1) trusty-security; urgency=low

  * SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id
    set to '+' or '#' (LP: #1692818).
    - debian/patches/mosquitto-0.15_cve-2017-7650.patch: Reject send/receive
      of messages to/from clients with a '+', '#' or '/' in their
      username/client id.
    - CVE-2017-7650

 -- <email address hidden> (Roger A. Light) Tue, 23 May 2017 22:14:40 +0100

1692818 Mosquitto pattern ACLs can be circumvented with special client ids or usernames



About   -   Send Feedback to @ubuntu_updates