Source: mosquitto
Version: 2.0.11-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for mosquitto.

CVE-2021-34434[0]:
| In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic
| security plugin, if the ability for a client to make subscriptions on
| a topic is revoked when a durable client is offline, then existing
| subscriptions for that client are not revoked.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-34434
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34434
[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
[2] https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f

Regards,
Salvatore
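
Added example, not part of the original report and not Mosquitto's code: a simplified Python model of the condition described in CVE-2021-34434, with an audit that lists stored subscriptions the current ACL no longer permits. The Broker class, the acl_covers matcher, the client id and the topics are all constructed for illustration, and the matcher is a simplification of MQTT filter matching.

```python
# Toy model of durable sessions and subscribe ACLs (constructed, not Mosquitto code).

def acl_covers(pattern: str, sub_filter: str) -> bool:
    """True if an ACL pattern using MQTT '+' and '#' covers a subscription filter."""
    p, s = pattern.split("/"), sub_filter.split("/")
    for i, level in enumerate(p):
        if level == "#":
            return True                 # multi-level wildcard covers the rest
        if i >= len(s):
            return False                # filter is shorter than the pattern
        if level == "+" and s[i] == "#":
            return False                # filter is broader than the ACL allows
        if level != "+" and level != s[i]:
            return False
    return len(p) == len(s)

class Broker:
    def __init__(self):
        self.acl = {}        # client id -> set of permitted subscribe patterns
        self.sessions = {}   # client id -> {"online": bool, "subs": set of filters}

    def _permitted(self, cid, flt):
        return any(acl_covers(p, flt) for p in self.acl.get(cid, ()))

    def subscribe(self, cid, flt):
        if not self._permitted(cid, flt):
            return False
        self.sessions[cid]["subs"].add(flt)
        return True

    def revoke(self, cid, pattern, recheck_offline):
        """recheck_offline=False models the reported flaw: offline sessions are skipped."""
        self.acl[cid].discard(pattern)
        sess = self.sessions[cid]
        if sess["online"] or recheck_offline:
            sess["subs"] = {f for f in sess["subs"] if self._permitted(cid, f)}

    def stale_subscriptions(self):
        """Audit: stored subscriptions that no current ACL entry permits."""
        return sorted((cid, f) for cid, s in self.sessions.items()
                      for f in s["subs"] if not self._permitted(cid, f))

def demo(recheck_offline):
    b = Broker()
    b.acl["sensor-7"] = {"plant/+/telemetry", "plant/status"}
    b.sessions["sensor-7"] = {"online": True, "subs": set()}
    b.subscribe("sensor-7", "plant/line1/telemetry")
    b.subscribe("sensor-7", "plant/status")
    b.sessions["sensor-7"]["online"] = False      # durable client goes offline
    b.revoke("sensor-7", "plant/+/telemetry", recheck_offline)
    return b.stale_subscriptions()
```

Calling demo(False) returns the subscription that survived the revocation; demo(True) returns an empty list because the stored session was re-evaluated when the ACL changed.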