Debian Package Tracker

general

source: mosquitto (main)
version: 1.5.7-1
maintainer: Roger A. Light [DMD]
arch: all any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.3.4-2+deb8u1
old-sec: 1.3.4-2+deb8u3
stable: 1.4.10-3+deb9u2
stable-sec: 1.4.10-3+deb9u4
stable-p-u: 1.4.10-3+deb9u4
testing: 1.5.7-1
unstable: 1.5.7-1

versioned links

1.3.4-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.4-2+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.10-3+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.10-3+deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.5.7-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmosquitto-dev
libmosquitto1
libmosquittopp-dev
libmosquittopp1
mosquitto
mosquitto-clients
mosquitto-dev

action needed

A new upstream version is available: 1.6.0 high

A new upstream version 1.6.0 is available, you should consider packaging it.

Created: 2019-03-01 Last update: 2019-04-23 10:02

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2017-12-03 Last update: 2019-04-23 04:13

Depends on packages which need a new maintainer normal

The packages that mosquitto depends on which need a new maintainer are:

lsb (#924519)
- Depends: lsb-base

Created: 2019-03-13 Last update: 2019-04-23 13:39

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-03-13 Last update: 2019-03-13 05:43

4 ignored security issues in jessie low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2017-7655: In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.
CVE-2018-12550: When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.
CVE-2018-12546: In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.
CVE-2018-12551: When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.

Please fix them.

Created: 2019-02-08 Last update: 2019-04-05 00:42

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2017-7655: In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.

Please fix it.

Created: 2019-03-29 Last update: 2019-04-05 00:42

testing migrations

This package will soon be part of the auto-libwebsockets transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2019-03-03] mosquitto 1.5.7-1 MIGRATED to testing (Debian testing watch)
[2019-02-21] Accepted mosquitto 1.5.7-1 (source) into unstable (Roger A. Light) (signed by: Andreas Henriksson)
[2019-02-20] mosquitto 1.5.6-1 MIGRATED to testing (Debian testing watch)
[2019-02-18] Accepted mosquitto 1.4.10-3+deb9u4 (source) into proposed-updates->stable-new, proposed-updates (Roger A. Light) (signed by: Salvatore Bonaccorso)
[2019-02-18] Accepted mosquitto 1.4.10-3+deb9u3 (source) into proposed-updates->stable-new, proposed-updates (Roger A. Light) (signed by: Salvatore Bonaccorso)
[2019-02-17] Accepted mosquitto 1.4.10-3+deb9u4 (source) into stable->embargoed, stable (Roger A. Light) (signed by: Salvatore Bonaccorso)
[2019-02-12] Accepted mosquitto 1.5.6-1 (source) into unstable (Roger A. Light) (signed by: Andreas Henriksson)
[2019-02-10] Accepted mosquitto 1.4.10-3+deb9u3 (source) into stable->embargoed, stable (Roger A. Light) (signed by: Salvatore Bonaccorso)
[2018-12-28] mosquitto 1.5.5-1.1 MIGRATED to testing (Debian testing watch)
[2018-12-22] Accepted mosquitto 1.5.5-1.1 (source) into unstable (Andreas Henriksson)
[2018-12-13] Accepted mosquitto 1.5.5-1 (source amd64 all) into unstable (Roger A. Light) (signed by: Andreas Henriksson)
[2018-11-29] mosquitto 1.5.4-1 MIGRATED to testing (Debian testing watch)
[2018-11-23] Accepted mosquitto 1.5.4-1 (source) into unstable (Roger A. Light) (signed by: Andreas Henriksson)
[2018-10-27] Accepted mosquitto 1.4.10-3+deb9u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Thorsten Alteholz)
[2018-10-25] Accepted mosquitto 1.4.10-3+deb9u2 (source amd64 all) into stable->embargoed, stable (Thorsten Alteholz)
[2018-09-28] Accepted mosquitto 1.3.4-2+deb8u3 (source amd64 all) into oldstable (Thorsten Alteholz)
[2018-06-29] Accepted mosquitto 1.3.4-2+deb8u2 (source amd64 all) into oldstable (Thorsten Alteholz)
[2018-04-19] mosquitto 1.4.15-2 MIGRATED to testing (Debian testing watch)
[2018-04-08] Accepted mosquitto 1.4.15-2 (source) into unstable (Roger A. Light) (signed by: Gianfranco Costamagna)
[2018-04-01] Accepted mosquitto 0.15-2+deb7u3 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2018-04-01] Accepted mosquitto 0.15-2+deb7u3 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2018-03-03] mosquitto 1.4.15-1 MIGRATED to testing (Debian testing watch)
[2018-03-01] Accepted mosquitto 1.4.15-1 (source) into unstable (Roger A. Light) (signed by: Gianfranco Costamagna)
[2018-02-14] Accepted mosquitto 1.4.10-3+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Roger A. Light) (signed by: Gianfranco Costamagna)
[2018-01-01] mosquitto 1.4.14-2 MIGRATED to testing (Debian testing watch)
[2017-12-27] Accepted mosquitto 1.4.14-2 (source) into unstable (Roger A. Light) (signed by: Gianfranco Costamagna)
[2017-12-24] Accepted mosquitto 1.4.14-1 (source) into unstable (Roger A. Light) (signed by: Gianfranco Costamagna)
[2017-10-26] Accepted mosquitto 0.15-2+deb7u2 (source amd64 all) into oldoldstable (Roger A. Light) (signed by: Raphaël Hertzog)
[2017-06-11] Accepted mosquitto 1.3.4-2+deb8u1 (all source) into proposed-updates->stable-new, proposed-updates (Roger A. Light) (signed by: Salvatore Bonaccorso)
[2017-06-01] mosquitto 1.4.10-3 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 3
RC: 0
I&N: 3
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.5.7-1
2 bugs