Your message dated Sat, 17 Apr 2021 16:27:13 +0000
with message-id <e1lxnmr-000hp2...@fasolo.debian.org>
and subject line Bug#986701: fixed in mosquitto 2.0.10-1
has caused the Debian Bug report #986701,
regarding mosquitto: CVE-2021-28166
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986701: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986701
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mosquitto
Version: 2.0.9-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for mosquitto.

CVE-2021-28166[0]:
| In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated
| client that had connected with MQTT v5 sent a crafted CONNACK message
| to the broker, a NULL pointer dereference would occur.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-28166
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28166
[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: mosquitto
Source-Version: 2.0.10-1
Done: Roger A. Light <ro...@atchoo.org>

We believe that the bug you reported is fixed in the latest version of
mosquitto, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roger A. Light <ro...@atchoo.org> (supplier of updated mosquitto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 10 Apr 2021 00:41:35 +0100
Source: mosquitto
Architecture: source
Version: 2.0.10-1
Distribution: unstable
Urgency: high
Maintainer: Roger A. Light <ro...@atchoo.org>
Changed-By: Roger A. Light <ro...@atchoo.org>
Closes: 986701
Changes:
 mosquitto (2.0.10-1) unstable; urgency=high
 .
   * SECURITY UPDATE: In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an
     authenticated client that had connected with MQTT v5 sent a crafted
     CONNACK message to the broker, a NULL pointer dereference would occur.
     (Closes: #986701)
     - CVE-2021-28166
   * New upstream release.


--- End Message ---
