*** This bug is a security vulnerability *** Public security bug reported:
The current available version of mosquitto pacakged in ubuntu (for all versions) is vulnerable to 2 cve's announced recently, including one for a potential DOS attach from unauthorized users. More details on this can be found at: https://mosquitto.org/blog/2018/02/security-advisory- cve-2017-7651-cve-2017-7652/ which includes links to patches for the CVEs. Or we can just update to 1.4.15 which should be backwards compatible. ** Affects: mosquitto (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1752591 Title: CVE-2017-7651 and CVE-2017-7652 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mosquitto/+bug/1752591/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
