Debian
mosquitto package

mosquitto 1.3.4-2+deb8u1 source package in Debian

Changelog

mosquitto (1.3.4-2+deb8u1) jessie-security; urgency=high

  * SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id
    set to '+' or '#'.
    - debian/patches/mosquitto-1.3.4_cve-2017-7650.patch: Reject send/receive
      of messages to/from clients with a '+', '#' or '/' in their
      username/client id.
    - CVE-2017-7650

 -- Roger A. Light <email address hidden>  Tue, 23 May 2017 22:14:40 +0100

Upload details

Uploaded by:: Roger Light on 2017-07-22

Uploaded to:: Jessie

Original maintainer:: Roger Light

Architectures:: any all

Section:: net

Urgency:: Very Urgent

See full publishing history Publishing

Series	Pocket	Published	Component	Section
Jessie	release	on 2017-07-22	main	net

Builds

Downloads

File	Size	SHA-256 Checksum
mosquitto_1.3.4-2+deb8u1.dsc	2.6 KiB	7d3d25d3bd94467648f08b0e2f0f0a7d436d6dc555fec6f9e7cb6132868c99e3
mosquitto_1.3.4.orig.tar.gz	343.5 KiB	0a3982d6b875a458909c8828731da04772035468700fa7eb2f0885f4bd6d0dbc
mosquitto_1.3.4-2+deb8u1.debian.tar.xz	20.6 KiB	10d4428f9768e908500fe38b8e6d3ea9e949c48a187c713a7dc2277706bf75e1

No changes file available.

Debianmosquitto package

mosquitto 1.3.4-2+deb8u1 source package in Debian

Changelog

Upload details

See full publishing history Publishing

Builds

Downloads

Binary packages built by this source

Debian
mosquitto package