Control: retitle -1 mosquitto: CVE-2021-41039: Possible DoS Attack caused by unlimited number of "user properties"
Hi On Thu, Dec 02, 2021 at 10:16:38PM +0100, Salvatore Bonaccorso wrote: > Source: mosquitto > Version: 2.0.11-1 > Severity: important > Tags: security upstream > Forwarded: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314 > X-Debbugs-Cc: [email protected], Debian Security Team > <[email protected]> > > Hi, > > The following vulnerability was published for mosquitto. > > CVE-2021-34434[0]: > | In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic > | security plugin, if the ability for a client to make subscriptions on > | a topic is revoked when a durable client is offline, then existing > | subscriptions for that client are not revoked. Apologies, something went wrong when I now filled this bugreport. Here are the corrections, this is about CVE-2021-41039. Upstream report: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314 Fixed by: https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f Regards, Salvatore

