Thanks for taking a look at this. The application only creates this file and log files, so I don't believe it should have any other impact.
Regards, Roger On 10 February 2018 at 09:07, Julien Cristau <jcris...@debian.org> wrote: > Control: tag -1 moreinfo > > On Fri, Dec 22, 2017 at 23:47:34 +0000, Roger A. Light wrote: > >> +Description: Fix for CVE-207-9868. >> +Author: Roger Light <ro...@atchoo.org> >> +Forwarded: not-needed >> +Origin: upstream, >> https://mosquitto.org/files/cve/2017-9868/mosquitto-1.4.x_cve-2017-9868.patch >> +--- a/src/persist.c >> ++++ b/src/persist.c >> +@@ -362,6 +362,10 @@ >> + _mosquitto_log_printf(NULL, MOSQ_LOG_INFO, "Error saving >> in-memory database, out of memory."); >> + return MOSQ_ERR_NOMEM; >> + } >> ++ >> ++ /* Restrict access to persistence file. */ >> ++ umask(0077); >> ++ >> + snprintf(outfile, len, "%s.new", db->config->persistence_filepath); >> + outfile[len] = '\0'; >> + > > Is this likely to negatively affect other files the application might > create? > > Cheers, > Julien
