-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4570-1 security@xxxxxxxxxx https://www.debian.org/security/ Salvatore Bonaccorso November 17, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mosquitto CVE ID : CVE-2019-11779 Debian Bug : 940654 A vulnerability was discovered in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service (stack overflow and daemon crash), by sending a specially crafted SUBSCRIBE packet containing a topic with a extremely deep hierarchy. For the stable distribution (buster), this problem has been fixed in version 1.5.7-1+deb10u1. We recommend that you upgrade your mosquitto packages. For the detailed security status of mosquitto please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mosquitto Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl3RcLtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SuPw/+Kjp7jhHNqBz7plrwenpurz3zVmuqmV/BIS5Ws8aydFK0mCx4/KDoT67G 1APNJfNnbOeSURcakSrTYINXoSDTp8+L6NEuEPBByFKZ3NPRRc8YFqaFhDSd0kuT F1hGToXa7KBgzGASIvDKKWRTC8zoywG8+cRJXkrFmWGh3EU9TFp9s0hYcEunvNXR k+fEeV9s91zaeODCR13dwBqJGmgpyJHKRCLLrVtxbpdh+4ibQK51mEXfR2USpXbE SDbk503qfLB3OPeHtP+CA7ueO2/elCcEHYQMvesl2dlEi4jXtOVMcDgq4tuYn1bE kKZY9WgF2LgxjaEgSJewYzxFqYYu/oZBKaZdFfDdaa5TnpFdAVOy9Oy6hIM3lWc1 KJgGoroI2SmLQD7MCUsXJ6DPrHhxC3BGz7/MGhSzrUNPK+WCDpo6bvqh5Xz3Br12 OmNNF1QIgoahx7pOeXpR3EuWVEWWXQxmiT/+o+JmXY8nmnYHMhqs7F3NGa+yaUpP 8nYZ+P0FsaassVQHDuB9SKDRKDfVkZGUg2aVGsVd5v+bej6cjznhdp4u6RtIVKPq OTmXaBEubdMLAYur1cqWguancj2vz2N5j/9odXuP8jW6f4fKU79QDHIXR5nIYrK6 knbd/pHvNdAAq96LgiKv3LqwdEnJKhj3hTJoLlS52dfqcUhp6Qs= =+aZe -----END PGP SIGNATURE-----