-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : mosquitto Version : 0.15-2+deb7u2 CVE ID : CVE-2017-9868 Debian Bug : 865959
mosquitto's persistence file (mosquitto.db) was created in a world-readable way thus allowing local users to obtain sensitive MQTT topic information. While the application has been fixed to set proper permissions by default, you still have to manually fix the permissions on any existing file. For Debian 7 "Wheezy", these problems have been fixed in version 0.15-2+deb7u2. We recommend that you upgrade your mosquitto packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/ -----BEGIN PGP SIGNATURE----- Comment: Signed by Raphael Hertzog iQEyBAEBCgAdFiEE1823g1EQnhJ1LsbSA4gdq+vCmrkFAlnyB54ACgkQA4gdq+vC mrmk1Af3YmnqEQ6UnQ1msJuq1Wv4floBLSIo7/eQ36uoIwZAOX8uMBjkEjXDO1k3 sfdfYTKbyHQK6tY5dV+8OTU/6QwhoH/k/71DNog99Y3a9RP3B0lvjjkcb7om7IEW lgLddJhl/OrLGgySVmWcqEp4lopNxUbGZM8aMecH+7ZzgF+M2Ehl6+nncVdI5Krl JuDd0WyU0VD0hIdw/5MzNT23Cl9M46otDKx/U8PZi2kjHJ9jHFVLqy4FVusX2Qrk Cqc0zxqixpb+IM5iaVcyPE0V9JqJMVc0b/HreK4itVpfOQd3BPbkjDA8ZMukSu+H kmb2PHqRg2XQEAiOQWMTIeMPhPQg =KTO2 -----END PGP SIGNATURE-----
