mosquitto - Debian Package Tracker

general

source: mosquitto (main)
version: 2.0.21-1
maintainer: Debian IoT Maintainers (archive) (DMD)
uploaders: Joachim Zobel [DMD] [DM] – Philippe Coval [DMD] [DM] – Roger A. Light [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.5.7-1+deb10u1
o-o-sec: 1.5.7-1+deb10u1
oldstable: 2.0.11-1+deb11u1
old-sec: 2.0.11-1+deb11u2
stable: 2.0.11-1.2+deb12u1
stable-sec: 2.0.11-1.2+deb12u1
stable-bpo: 2.0.20-1~bpo12+1
testing: 2.0.21-1
unstable: 2.0.21-1

versioned links

1.5.7-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.11-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.11-1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.11-1.2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.20-1~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.21-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmosquitto-dev
libmosquitto1
libmosquittopp-dev
libmosquittopp1
mosquitto (1 bugs: 0, 1, 0, 0)
mosquitto-clients
mosquitto-dev

action needed

Debci reports failed tests high

unstable: pass (log)
The tests ran in 0:08:01
Last run: 2025-03-13T04:30:15.000Z
Previous status: unknown

testing: pass (log)
The tests ran in 0:01:52
Last run: 2025-03-21T20:15:07.000Z
Previous status: unknown

stable: fail (log)
The tests ran in 0:05:33
Last run: 2025-03-25T07:56:18.000Z
Previous status: unknown

Created: 2025-03-03 Last update: 2025-04-01 05:31

debian/patches: 1 patch with invalid metadata, 1 patch to forward upstream high

Among the 3 debian patches available in version 2.0.21-1 of the package, we noticed the following issues:

1 patch with invalid metadata that ought to be fixed.
1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-03-22 21:30

Depends on packages which need a new maintainer normal

The packages that mosquitto depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2023-09-01 Last update: 2025-04-01 03:30

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-03-22 Last update: 2025-03-22 21:03

3 low-priority security issues in bookworm low

There are 3 open security issues in bookworm.

3 issues left for the package maintainer to handle:

CVE-2024-3935: (needs triaging) In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.
CVE-2024-8376: (needs triaging) In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
CVE-2024-10525: (needs triaging) In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-10-12 Last update: 2025-03-24 04:00

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2024-03-11 Last update: 2024-03-11 02:03

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-03-22 18:27

news

[rss feed]

[2025-03-24] mosquitto 2.0.21-1 MIGRATED to testing (Debian testing watch)
[2025-03-22] Accepted mosquitto 2.0.21-1 (source) into unstable (Joachim Zobel)
[2025-02-20] Accepted mosquitto 2.0.11-1+deb11u2 (source amd64 all) into oldstable-security (Abhijith PA)
[2025-01-29] mosquitto 2.0.20-3 MIGRATED to testing (Debian testing watch)
[2025-01-26] Accepted mosquitto 2.0.20-3 (source) into unstable (Joachim Zobel)
[2025-01-23] mosquitto 2.0.20-2 MIGRATED to testing (Debian testing watch)
[2025-01-21] Accepted mosquitto 2.0.20-2 (source) into unstable (Joachim Zobel)
[2024-10-26] mosquitto 2.0.20-1 MIGRATED to testing (Debian testing watch)
[2024-10-22] Accepted mosquitto 2.0.20-1~bpo12+1 (source) into stable-backports (Philippe Coval)
[2024-10-21] Accepted mosquitto 2.0.20-1 (source) into unstable (Philippe Coval)
[2024-08-17] mosquitto 2.0.18-1.1 MIGRATED to testing (Debian testing watch)
[2024-08-13] Accepted mosquitto 2.0.18-1.1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-01-02] Accepted mosquitto 2.0.18-1~bpo12+1 (source) into stable-backports (Philippe Coval)
[2023-10-07] Accepted mosquitto 2.0.11-1+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
[2023-10-07] Accepted mosquitto 2.0.11-1.2+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
[2023-10-01] Accepted mosquitto 2.0.11-1+deb11u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Markus Koschany)
[2023-10-01] Accepted mosquitto 2.0.11-1.2+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Markus Koschany)
[2023-09-28] mosquitto 2.0.18-1 MIGRATED to testing (Debian testing watch)
[2023-09-25] Accepted mosquitto 2.0.18-1 (source) into unstable (Philippe Coval)
[2023-09-16] mosquitto 2.0.17-3 MIGRATED to testing (Debian testing watch)
[2023-09-13] Accepted mosquitto 2.0.17-3 (source) into unstable (Gianfranco Costamagna)
[2023-09-13] Accepted mosquitto 2.0.17-2 (source amd64 all) into unstable (Philippe Coval)
[2023-09-13] Accepted mosquitto 2.0.17-1 (source) into unstable (Gianfranco Costamagna)
[2023-08-15] Accepted mosquitto 2.0.15-2~bpo12+1 (source amd64 all) into stable-backports (Debian FTP Masters) (signed by: Gianfranco Costamagna)
[2023-07-23] mosquitto 2.0.15-2 MIGRATED to testing (Debian testing watch)
[2023-07-21] Accepted mosquitto 2.0.15-2 (source) into unstable (Gianfranco Costamagna)
[2023-07-20] Accepted mosquitto 2.0.15-1 (source) into unstable (Gianfranco Costamagna)
[2023-01-09] mosquitto 2.0.11-1.2 MIGRATED to testing (Debian testing watch)
[2023-01-03] Accepted mosquitto 2.0.11-1.2 (source) into unstable (Salvatore Bonaccorso)
[2022-04-20] mosquitto 2.0.11-1.1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.0.21-1
4 bugs