-
mosquitto (0.15-2+deb7u3ubuntu0.1) trusty-security; urgency=medium
* Merge from Debian. Remaining changes:
- Install apparmor profile.
- Replace init script with upstart script.
-- Eduardo Barretto <email address hidden> Tue, 04 Sep 2018 16:54:44 -0300
-
mosquitto (0.15-2ubuntu1.2) trusty-security; urgency=low
* SECURITY UPDATE: Persistence file is world readable, which may expose
sensitive data (LP: #1700490).
- debian/patches/mosquitto-1.3.4_cve-2017-9868.patch: Set umask to
restrict persistence file read access to owner.
- CVE-2017-9868
-- <email address hidden> (Roger A. Light) Mon, 26 Jun 2017 09:31:02 +0100
-
mosquitto (0.15-2ubuntu1.1) trusty-security; urgency=low
* SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id
set to '+' or '#' (LP: #1692818).
- debian/patches/mosquitto-0.15_cve-2017-7650.patch: Reject send/receive
of messages to/from clients with a '+', '#' or '/' in their
username/client id.
- CVE-2017-7650
-- <email address hidden> (Roger A. Light) Tue, 23 May 2017 22:14:40 +0100
-
mosquitto (0.15-2ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Install apparmor profile.
- Replace init script with upstart script.
* debian/patches/fix-972389.patch: Drop, as it was applied in Debian as
bug-proto-number.patch.
mosquitto (0.15-2) unstable; urgency=low
* Fix broker crash when a client connects with a bad protocol version.
(Closes: #696889)
* Fix the possibility of topic access being granted when only acl_patterns
is in use. (Closes: #696895)
* Fix persistence option reloading. (Closes: #696891)
mosquitto (0.15-1) unstable; urgency=low
* New upstream release: http://mosquitto.org/2012/02/version-0-15-released/
* Updated debian/copyright to latest DEP-5.
* Removed now unnecessary man-hyphen-minus.patch.
-- Logan Rosen <email address hidden> Fri, 23 Aug 2013 15:09:02 -0400
