Format: 1.8 Date: Wed, 28 Feb 2018 11:29:47 +0000 Source: mosquitto Binary: mosquitto mosquitto-dev libmosquitto1 libmosquitto-dev libmosquittopp1 libmosquittopp-dev mosquitto-clients mosquitto-dbg libmosquitto1-dbg libmosquittopp1-dbg Architecture: source Version: 1.4.15-0mosquitto1~artful1 Distribution: artful Urgency: high Maintainer: Roger A. Light Changed-By: Roger A. Light Description: libmosquitto-dev - MQTT version 3.1/3.1.1 client library, development files libmosquitto1 - MQTT version 3.1/3.1.1 client library libmosquitto1-dbg - debugging symbols for libmosquitto binaries libmosquittopp-dev - MQTT version 3.1 client C++ library, development files libmosquittopp1 - MQTT version 3.1/3.1.1 client C++ library libmosquittopp1-dbg - debugging symbols for libmosquittopp binaries mosquitto - MQTT version 3.1/3.1.1 compatible message broker mosquitto-clients - Mosquitto command line MQTT clients mosquitto-dbg - debugging symbols for mosquitto binaries mosquitto-dev - Development files for Mosquitto Changes: mosquitto (1.4.15-0mosquitto1~artful1) artful; urgency=high . * SECURITY UPDATE: If a SIGHUP is sent to the broker when there are no more file descriptors, then opening the configuration file will fail and security settings will be set back to their default values. - debian/patches/mosquitto-1.4.10_cve-2017-7652.patch: When reloading configuration, do this into a separate config struct. If nothing fails, then copy the new config over the old config. - CVE-2017-7652 * SECURITY UPDATE: Unauthenticated clients can cause excessive memory usage. This has the potential to lead to an OOM situation and the broker being killed by the system. - debian/patches/mosquitto-1.4.10_cve-2017-7652.patch: Limit the maximum size of CONNECT packet to a reasonable value, and add "memory_limit" option to set the maximum memory the broker will use. - CVE-2017-7651 * New upstream release. * Remove upstart support, which had accidently been reinstated in 1.4.14-2. * Bumped standards version to 4.1.3, no changes required. * Fix global-files-wildcard-not-first-paragraph-in-dep5-copyright. Checksums-Sha1: c1e36dfcbe1fd157c08ade4fc2cd1bf08898882f 2581 mosquitto_1.4.15-0mosquitto1~artful1.dsc e3216a608b19ec56341e0897a12cb178f0b085ca 368961 mosquitto_1.4.15.orig.tar.gz 4c714c76e78bd9e75b59b42a17ae5f6d0dc73cfc 25968 mosquitto_1.4.15-0mosquitto1~artful1.debian.tar.xz Checksums-Sha256: c6760af550ea9a38037f0ac7a810b49eb41ff447a92aa42bd6cbb7a57be29ed3 2581 mosquitto_1.4.15-0mosquitto1~artful1.dsc 7d3b3e245a3b4ec94b05678c8199c806359737949f4cfe0bf936184f6ca89a83 368961 mosquitto_1.4.15.orig.tar.gz c3c4a926f1fbf96221d0a5ad5f48f35be51328db59261e9c2db5f0169138f206 25968 mosquitto_1.4.15-0mosquitto1~artful1.debian.tar.xz Files: 62d441f517cc90260300f52a3e9211df 2581 net optional mosquitto_1.4.15-0mosquitto1~artful1.dsc 546cb1ce35cc3f7d23e6d2f1f9a962e7 368961 net optional mosquitto_1.4.15.orig.tar.gz 678753765cb51d51b5178434caf0acf0 25968 net optional mosquitto_1.4.15-0mosquitto1~artful1.debian.tar.xz