ACK on the debdiffs in comments #2 and #3. I added the bug number to the changelog and adjusted the artful versioning.
Packages are building now and will be released as security updates today. Thanks! ** Also affects: mosquitto (Ubuntu Bionic) Importance: Undecided Status: Confirmed ** Also affects: mosquitto (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: mosquitto (Ubuntu Artful) Importance: Undecided Status: New ** Changed in: mosquitto (Ubuntu Bionic) Status: Confirmed => Fix Released ** Changed in: mosquitto (Ubuntu Xenial) Status: New => Fix Committed ** Changed in: mosquitto (Ubuntu Artful) Status: New => Fix Committed -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1752591 Title: CVE-2017-7651 and CVE-2017-7652 Status in mosquitto package in Ubuntu: Fix Released Status in mosquitto source package in Xenial: Fix Committed Status in mosquitto source package in Artful: Fix Committed Status in mosquitto source package in Bionic: Fix Released Bug description: The current available version of mosquitto pacakged in ubuntu (for all versions) is vulnerable to 2 cve's announced recently, including one for a potential DOS attach from unauthorized users. More details on this can be found at: https://mosquitto.org/blog/2018/02/security- advisory-cve-2017-7651-cve-2017-7652/ which includes links to patches for the CVEs. Or we can just update to 1.4.15 which should be backwards compatible. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mosquitto/+bug/1752591/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp