Your message dated Sun, 10 Aug 2014 01:33:43 +0000
with message-id <[email protected]>
and subject line Bug#754787: fixed in mosquitto 1.3.4-1
has caused the Debian Bug report #754787,
regarding mosquitto: does not handle errors from authentication plugins
correctly
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
754787: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754787
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mosquitto
Version: 1.2.1-1
Severity: grave
Tags: security upstream
Justification: user security hole
If an end user uses mosquitto with an authentication plugin, and the
plugin returns an application error when making an authentication check
(such as if a database was unavailable), then mosquitto incorrectly
treats this as a successful authentication.
This has the potential for unauthorised clients to access the running
mosquitto broker and gain access to information to which it is not
authorised. In general this does not represent a wider security hole.
No authentication plugins are provided with mosquitto and there are only
a limited number of examples available on the internet, so it is
unlikely that this bug will affect many installations.
--- End Message ---
--- Begin Message ---
Source: mosquitto
Source-Version: 1.3.4-1
We believe that the bug you reported is fixed in the latest version of
mosquitto, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Roger A. Light <[email protected]> (supplier of updated mosquitto package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 06 Aug 2014 00:43:39 +0100
Source: mosquitto
Binary: mosquitto libmosquitto1 libmosquitto-dev libmosquittopp1
libmosquittopp-dev mosquitto-clients python-mosquitto python3-mosquitto
mosquitto-dbg
Architecture: source amd64 all
Version: 1.3.4-1
Distribution: unstable
Urgency: medium
Maintainer: Roger A. Light <[email protected]>
Changed-By: Roger A. Light <[email protected]>
Description:
libmosquitto-dev - MQTT version 3.1 client library, development files
libmosquitto1 - MQTT version 3.1 client library
libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
libmosquittopp1 - MQTT version 3.1 client C++ library
mosquitto - MQTT version 3.1/3.1.1 compatible message broker
mosquitto-clients - Mosquitto command line MQTT clients
mosquitto-dbg - debugging symbols for mosquitto binaries
python-mosquitto - MQTT version 3.1 Python client library
python3-mosquitto - MQTT version 3.1 Python 3 client library
Closes: 725014 754787
Changes:
mosquitto (1.3.4-1) unstable; urgency=medium
.
* New upstream release: http://mosquitto.org/2014/08/version-1-3-4-released/
(closes: #725014, #754787)
* Add dependency on libuuid, c-ares.
* Bumped standards version to 3.9.5. No changes needed.
* Example config files are now installed to
/usr/share/doc/mosquitto/examples/
* debian/copyright year updated.
* compiling.txt is no longer distributed.
* Updated debian/copyright with new dates.
Checksums-Sha1:
6105efcdcd94505b793ec9a908e67cd29993ea5b 2431 mosquitto_1.3.4-1.dsc
b818672cc0db723995d7c3201ef6962931dd891a 351761 mosquitto_1.3.4.orig.tar.gz
7f3ba031ef4e794219bac545bb81c5d36f68bb9b 20048 mosquitto_1.3.4-1.debian.tar.xz
dc9410f99a6aa06e4c170f35476df1ccc3ad46e0 110292 mosquitto_1.3.4-1_amd64.deb
7773de44e0ef4422c2a26a001cd2179d9983d5ad 41532 libmosquitto1_1.3.4-1_amd64.deb
087b79737c72a44e7dcecb8864b9d050ff2c7231 32286 libmosquitto-dev_1.3.4-1_all.deb
3de18bf2fa690bd2cec6d6f174d285f4c3b5808f 24674
libmosquittopp1_1.3.4-1_amd64.deb
5249c7b2d3eedf39ee4eb42d42f38cdb514ed666 20976
libmosquittopp-dev_1.3.4-1_all.deb
fc53d6a665a9b7f2af179225e7084a902b644e4a 40856
mosquitto-clients_1.3.4-1_amd64.deb
98b7bfd31cbe36fbb2f103f6c54a06e69eaace39 34526 python-mosquitto_1.3.4-1_all.deb
0598425ddf7d3b0b9b4399f3d536aceefb9d79fd 34616
python3-mosquitto_1.3.4-1_all.deb
09d6125c6dbd74b935fd21051056eed4c1a28f50 539484 mosquitto-dbg_1.3.4-1_amd64.deb
Checksums-Sha256:
1fe9b6b9976cf9e5f7f1ed5902b456b497de7ee32c8e2d74b65b7ca85e05467c 2431
mosquitto_1.3.4-1.dsc
0a3982d6b875a458909c8828731da04772035468700fa7eb2f0885f4bd6d0dbc 351761
mosquitto_1.3.4.orig.tar.gz
4f23157e19d20434d3615c503719901497548e6ef0c7bd133057ef3fb153e473 20048
mosquitto_1.3.4-1.debian.tar.xz
c71ca43a75ecf97f99c13c5c1f386d650edef2955e46eae066057865456e0dd3 110292
mosquitto_1.3.4-1_amd64.deb
97b2d44c15661b8192cefff6b0fc58c22c89e2cd8be44171b98e4678fc8289db 41532
libmosquitto1_1.3.4-1_amd64.deb
a68b291372a1107fccc3bcecc5eed22b453b7a437d38a96a1dd8a7117b5c1af8 32286
libmosquitto-dev_1.3.4-1_all.deb
b89f503fae5473819593368d4296791be80cc34baaf4771ddb76ff7370386533 24674
libmosquittopp1_1.3.4-1_amd64.deb
2c52e5a2779af22384ed979949796ccb10687ff30d3a95924d040cfb8e48fa85 20976
libmosquittopp-dev_1.3.4-1_all.deb
728d1b984a0ea34f435e2c3d8e9e7b0f1057b2e88a0847c8a26f1a8b14c69e5a 40856
mosquitto-clients_1.3.4-1_amd64.deb
851f021dd2a51798c818b667433e6a6616047c993614bd0c9fa9d412bbd916cc 34526
python-mosquitto_1.3.4-1_all.deb
8bddc949f88f7cb55e019ce39fe5500d82081ebc826d3e283f78119bddfec5af 34616
python3-mosquitto_1.3.4-1_all.deb
0ecd7b709822e63066910e3d58bcd18ded823f317a1c3dd04ae34af6719ae6c4 539484
mosquitto-dbg_1.3.4-1_amd64.deb
Files:
f9cb50fc31b2df66bba233dd4129f788 110292 net optional
mosquitto_1.3.4-1_amd64.deb
239c1123be3ef70e288d3e3ec6a22acf 41532 libs optional
libmosquitto1_1.3.4-1_amd64.deb
eb749538614a2a06f1e2d20ae31f8cfe 32286 libdevel optional
libmosquitto-dev_1.3.4-1_all.deb
578095f2c15a34d7c7b0d6ee905fcd50 24674 libs optional
libmosquittopp1_1.3.4-1_amd64.deb
f4e01d10584c809fbe8dcdfd354eaf38 20976 libdevel optional
libmosquittopp-dev_1.3.4-1_all.deb
db4a8d2582468d4eabadfc9807920087 40856 net optional
mosquitto-clients_1.3.4-1_amd64.deb
dfdd68ff33c5469a5d8c98b02e3d8a82 34526 python optional
python-mosquitto_1.3.4-1_all.deb
8a634d0a791de1eabb8b37dd4d4ce328 34616 python optional
python3-mosquitto_1.3.4-1_all.deb
c661c49befeb63e1867b1397fb50d707 539484 debug extra
mosquitto-dbg_1.3.4-1_amd64.deb
e80fcffaf0a84dfcbf0c2f456763b3f6 2431 net optional mosquitto_1.3.4-1.dsc
9d729849efd74c6e3eee17a4a002e1e9 351761 net optional
mosquitto_1.3.4.orig.tar.gz
0c6cde28ab716969a8c2c1bce9485c0c 20048 net optional
mosquitto_1.3.4-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJT5sjGAAoJEN5juccE6+nvM3kQAIw9rb5oLkODPa/Oq4vDwCxf
jQ9hiIt3Rr3ote1VIDun8fI2G7mwNUyMGcl2kxg4AdLbKxf1ZhZJI6ElHLEN2ixs
phdKxQ0pnl09JNCQ4hBTQdpssee5bfpo5RDmsgfFRVzpgz6h/2HV3Z2HjcmJuMIx
suGJW7zTGfnYtQBG+L5o42GRRcS/sdbg6bueNPnWTl0AwBbvIsU+i2BqRimEW7ap
mHZThetBXwBy1uUIIiYny1AJ/mdUbhrrm+Q87Y5iNFZlCBEaQgGDgJvQ+Kel/dMR
84J4n14XnZAhH5FdmvFtGgS8wGClaZhzHi3UXaZHt/B3QSxIhUfk6JaD1KbbKtv4
sOYcxm2hAe/5Uegxz8v+n8BU+UjRdohRzOWrFtpB0qVnf9xVp7ug8l5DEQnCUcgE
+7Ptj1fiYmzdZoV49AcYH7wbacBq3NOsEdAMQtp8I4ooqr5SymTJB/tWpCVjLVWE
QL1v/e7Tu5doVCBr6hZpOjHO6XPvYqMGnlTpwm3Ecz3p6haO1vw5Tz5xHqHqaGGz
Hvs8MtknZisyoC4gLQXaGykUS2uvKv7ja9OdEcYTilU+T/9KCI+NIzzam7UGmWkw
smaZcmx48fDxcnF50ZcVghqUwjQREpFkBwFpF0+EswWa934M28NoB+6RgipEX0iH
q1zyPdp8n1T96UcJZ5xj
=xOsk
-----END PGP SIGNATURE-----
--- End Message ---
