[Git][security-tracker-team/security-tracker][master] Triage CVE-2019-11779/mosquitto for stretch and buster

Sat, 16 Nov 2019 08:18:57 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ff3a94c by Salvatore Bonaccorso at 2019-11-16T16:17:32Z
Triage CVE-2019-11779/mosquitto for stretch and buster

The issue does not affect stretch and older as the issue was introduced
by upstream commit 883af8af5379 ("Better subtree searching.")[1].

 [1] 
https://github.com/eclipse/mosquitto/commit/883af8af5379092097c6552a7a4a8c52409d2566

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24089,10 +24089,12 @@ CVE-2019-11780
 CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious 
MQTT cli ...)
        {DLA-1972-1}
        - mosquitto 1.6.6-1 (bug #940654)
+       [stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160
        NOTE: https://github.com/eclipse/mosquitto/issues/1412
-       NOTE: 
https://github.com/eclipse/mosquitto/commit/106675093177335b18521bc0e5ad1d95343ad652
 (1.6.6)
-       NOTE: 
https://github.com/eclipse/mosquitto/commit/84681d9728ceb7f6ea2b6751b4d87200d8a62f14
 (1.5.9)
+       NOTE: Introduced by: 
https://github.com/eclipse/mosquitto/commit/883af8af5379092097c6552a7a4a8c52409d2566
 (v1.5)
+       NOTE: Fixed by: 
https://github.com/eclipse/mosquitto/commit/106675093177335b18521bc0e5ad1d95343ad652
 (1.6.6)
+       NOTE: Fixed by: 
https://github.com/eclipse/mosquitto/commit/84681d9728ceb7f6ea2b6751b4d87200d8a62f14
 (1.5.9)
 CVE-2019-11778 (If an MQTT v5 client connects to Eclipse Mosquitto versions 
1.6.0 to 1 ...)
        - mosquitto 1.6.6-1
        [buster] - mosquitto <not-affected> (Session expiry interval support 
introduced in 1.6)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2ff3a94c548591607b68f3466f0bbc2690c4a23e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2ff3a94c548591607b68f3466f0bbc2690c4a23e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to