Debian Package Tracker

From: Thorsten Alteholz <debian@alteholz.de>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted mosquitto 1.3.4-2+deb8u4 (source amd64 all) into oldoldstable
Date: Sat, 26 Oct 2019 18:10:27 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Oct 2019 19:03:02 +0200
Source: mosquitto
Binary: mosquitto libmosquitto1 libmosquitto-dev libmosquittopp1 libmosquittopp-dev mosquitto-clients python-mosquitto python3-mosquitto mosquitto-dbg
Architecture: source amd64 all
Version: 1.3.4-2+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Roger A. Light <roger@atchoo.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libmosquitto-dev - MQTT version 3.1 client library, development files
 libmosquitto1 - MQTT version 3.1 client library
 libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
 libmosquittopp1 - MQTT version 3.1 client C++ library
 mosquitto  - MQTT version 3.1/3.1.1 compatible message broker
 mosquitto-clients - Mosquitto command line MQTT clients
 mosquitto-dbg - debugging symbols for mosquitto binaries
 python-mosquitto - MQTT version 3.1 Python client library
 python3-mosquitto - MQTT version 3.1 Python 3 client library
Changes:
 mosquitto (1.3.4-2+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-11779
     Fix for processing a crafted SUBSCRIBE packet containing a topic
     that consists of approximately 65400 or more '/' characters.
     (setting TOPIC_HIERARCHY_LIMIT to 200)
   * CVE-2018-12550
     An ACL file with no statements was treated as having a default
     allow policy. The new behaviour of an empty ACL file is a default
     policy of access denied.
     (this is in compliance with all newer releases)
   * CVE-2018-12551
     Malformed authentication data in the password file could allow
     clients to circumvent authentication and get access to the broker.
   * CVE-2017-7655
     A Null dereference vulnerability in the Mosquitto library could
     lead to crashes for those applications using the library.
Checksums-Sha1:
 8e615eec8d678a2370dcde12dd5b1c1f844ed48f 2634 mosquitto_1.3.4-2+deb8u4.dsc
 b818672cc0db723995d7c3201ef6962931dd891a 351761 mosquitto_1.3.4.orig.tar.gz
 b8f7db14c91d4a08db75eac121b9ecea2155e97a 30036 mosquitto_1.3.4-2+deb8u4.debian.tar.xz
 b006bb4657cd41f9007bdb46ba685f8141bff45f 113378 mosquitto_1.3.4-2+deb8u4_amd64.deb
 1bcd129f14928dfd50d2dcfa3210631b8644972c 42704 libmosquitto1_1.3.4-2+deb8u4_amd64.deb
 b4320c7ae495c6841020b0097d75d00fa6d0e24e 33222 libmosquitto-dev_1.3.4-2+deb8u4_all.deb
 d9a84740766d97e56cd64e03c4d30903a7a4f4a6 25594 libmosquittopp1_1.3.4-2+deb8u4_amd64.deb
 aefe54460863fb44decb79971209e27d743d21c5 21878 libmosquittopp-dev_1.3.4-2+deb8u4_all.deb
 934c7e52be3f5d10f7a8b4f1eab1d51ad5ec5337 41812 mosquitto-clients_1.3.4-2+deb8u4_amd64.deb
 a0743dbc5c549cdd7cc830487f4a707dc6d130c2 35438 python-mosquitto_1.3.4-2+deb8u4_all.deb
 bdfca72ee3f84f802c8835b2cf7ccd711e2fab91 35502 python3-mosquitto_1.3.4-2+deb8u4_all.deb
 0bb42d9088ef233609f15c0ab604fbe3d80eafe0 545830 mosquitto-dbg_1.3.4-2+deb8u4_amd64.deb
Checksums-Sha256:
 4c4299e8b8b59d8499eb584da46b0073c0f5591c01510461e34bb7c4deee4998 2634 mosquitto_1.3.4-2+deb8u4.dsc
 0a3982d6b875a458909c8828731da04772035468700fa7eb2f0885f4bd6d0dbc 351761 mosquitto_1.3.4.orig.tar.gz
 6b5daf902d1534d27aacc91bd8e2da1691d21b5354f2b889ace625bfe989ea87 30036 mosquitto_1.3.4-2+deb8u4.debian.tar.xz
 b70042cfe00bd54b719900ba282b06b8cff98dddea95c410e04ee3460e7e472e 113378 mosquitto_1.3.4-2+deb8u4_amd64.deb
 6244948b0952dd86c2d9dad0b3b6ed115033d632376165141d6f3ebea4aa79a5 42704 libmosquitto1_1.3.4-2+deb8u4_amd64.deb
 6f8673fdc05ab96328f4ee681ec22df49996ef5ca0cc8251b57c718997ba668b 33222 libmosquitto-dev_1.3.4-2+deb8u4_all.deb
 deb13359474cad4fa376bc80951f2c5592e2f6aac8647cc1155fb376d8245264 25594 libmosquittopp1_1.3.4-2+deb8u4_amd64.deb
 40aa0d15a0529b516dcb333a9854879c2fdb23ee07929ed4215d8115bcd8a0ce 21878 libmosquittopp-dev_1.3.4-2+deb8u4_all.deb
 704a9ad50e61be8f256af884ee56ede71a8e5c9fba779ed480203658f9c4e4c2 41812 mosquitto-clients_1.3.4-2+deb8u4_amd64.deb
 b04316c83410a90251beef879c068a345338dc7fb55e0286cfc73e1958ca8af9 35438 python-mosquitto_1.3.4-2+deb8u4_all.deb
 f108ebf66a2f4dce9e7780e447481c4210828ab772a7b0ba317e20faa695fc33 35502 python3-mosquitto_1.3.4-2+deb8u4_all.deb
 b31b064fb757582c5360ac34d83dd82b9cc41ed162dd67a639889267e01e5d21 545830 mosquitto-dbg_1.3.4-2+deb8u4_amd64.deb
Files:
 09cc4ba6220138f8c3c893e9527d5ade 2634 net optional mosquitto_1.3.4-2+deb8u4.dsc
 9d729849efd74c6e3eee17a4a002e1e9 351761 net optional mosquitto_1.3.4.orig.tar.gz
 e27b28f376fc8b7828fa91f71508b40a 30036 net optional mosquitto_1.3.4-2+deb8u4.debian.tar.xz
 922fab2d1c6c9ab1b6040aec808f63c4 113378 net optional mosquitto_1.3.4-2+deb8u4_amd64.deb
 a3d914c28c958c6822751bf0c83d944f 42704 libs optional libmosquitto1_1.3.4-2+deb8u4_amd64.deb
 6e9c6685ea2a5e711dfba59ad3a24335 33222 libdevel optional libmosquitto-dev_1.3.4-2+deb8u4_all.deb
 3e006cd74eb92735f1ce45a5a392ab0a 25594 libs optional libmosquittopp1_1.3.4-2+deb8u4_amd64.deb
 c98ddab6a372b474048f4936e59f859a 21878 libdevel optional libmosquittopp-dev_1.3.4-2+deb8u4_all.deb
 efffe90332ce76f58138b07114e0d7bc 41812 net optional mosquitto-clients_1.3.4-2+deb8u4_amd64.deb
 8d0d1b9fc1c87a27430d76e73401f4e1 35438 python optional python-mosquitto_1.3.4-2+deb8u4_all.deb
 6670b277117a9c66f024430b6364b4ec 35502 python optional python3-mosquitto_1.3.4-2+deb8u4_all.deb
 1f33a32842ecb51e1a534d4bf7f3fa83 545830 debug extra mosquitto-dbg_1.3.4-2+deb8u4_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl20iXhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRxYED/4+zJaiHcY/gpGV252kXQBoJ/j09WjZ
eLFrH9P8Tb7edp/m1dUXmBHESqTWQOsn52slwFN3Puv3A+j9gdPrpwE9vwhz/4jk
weXptRa4B22YbNf7Y5ALekIbv5IfwNDkYCuZGpDk9B7p3Rmpub1s0vQiMSTganWd
pGR2IRLWtwPYL1izrXftjW+johIHKEvvExqgT9SJUU3aWOMBU1Vq3UwaYZm5o5mF
P2sNUWKAOycuTVXVxAqNyrEyCxM7HeTWr7E5kOYSw3W3gHo7FOGdFIcP8PyVISBs
J2eG4EMkoYGfKrzYzjo3lYq2o02j+qQoE6ADmGsfVPxrDOfkLKHgD8vDE3qcjl9W
mkR+ZCLN1ZJH7OUMHUhudaCHlQ9HTxEqZDDx6IB02xXXVU8Qtzo8Wbtvr0A1f35P
yBzpcPeyGytr5ZaiRzYXv+wDlMQ1Otahv1PwlkNCOUvN0KIyLB55ooo+g8969dd4
VGOw6oQZMzPpYOvl8iz8qEUhGYtrmQ4Xq3EB86gkYelYe6bK/i6vQ4TQWJGysIrZ
YCdz5CVn7FdZbjJwL9QyCVHx5SXDUwsbcLlVLeS83Xl4rNdWq6eLpYOnWXb2mp5L
UgtoppbEfVXL5I3Cd3Syia9YltduLkAjTwRJt5LeS0BN7esNw2QpN6qK1k2QDct8
8LDxpsi9z+R/ug==
=X4G8
-----END PGP SIGNATURE-----
News for package mosquitto
