Your message dated Tue, 08 Jun 2021 20:17:27 +0000
with message-id <[email protected]>
and subject line Bug#988109: fixed in mqtt-client 1.14-1+deb10u1
has caused the Debian Bug report #988109,
regarding mqtt-client: CVE-2019-0222
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
988109: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988109
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mqtt-client
Version: 1.14-1
Severity: serious
Tags: security
User: [email protected]
Usertags: piuparts
Control: fixed -1 1.14-1+deb9u1
Hi,
CVE-2019-0222 is fixed in stretch-security but not buster, making
upgrades difficult since stretch-security has a newer version than
buster.
Please upload the fix to buster, too.
mqtt-client | 1.14-1 | stretch | source
mqtt-client | 1.14-1 | buster | source
mqtt-client | 1.14-1+deb9u1 | stretch-security | source
mqtt-client | 1.16-1 | bullseye | source
mqtt-client | 1.16-1 | sid | source
Andreas
--- End Message ---
--- Begin Message ---
Source: mqtt-client
Source-Version: 1.14-1+deb10u1
Done: Abhijith PA <[email protected]>
We believe that the bug you reported is fixed in the latest version of
mqtt-client, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Abhijith PA <[email protected]> (supplier of updated mqtt-client package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 21 May 2021 21:59:49 +0530
Source: mqtt-client
Binary: libmqtt-client-java
Architecture: source all
Version: 1.14-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Abhijith PA <[email protected]>
Description:
libmqtt-client-java - Java MQTT Client API
Closes: 988109
Changes:
mqtt-client (1.14-1+deb10u1) buster; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2019-0222: unmarshalling corrupt MQTT frame can lead to
broker Out of Memory exception making it unresponsive.
(Closes: #988109)
* Update Vcs-* URL in d/control.
Checksums-Sha1:
ffed4d35abf2d8e403f1b5b0e296de8fbc60b34f 2116 mqtt-client_1.14-1+deb10u1.dsc
81b32520330943f317481f932f21acfcf565b9f3 101812 mqtt-client_1.14.orig.tar.xz
81f3d501136374d526d6e909dda0fc28cd540267 3268
mqtt-client_1.14-1+deb10u1.debian.tar.xz
c8083d457d6cab750148aa5ca0e4fdf19d22fcd0 116108
libmqtt-client-java_1.14-1+deb10u1_all.deb
26411c632151941d3dc6c173dfbd7e936f4a5a25 13037
mqtt-client_1.14-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
c2203f13c301ec3da2b0ee92a5391941631d0b1b8a4d7b28a5ef2c0effba2e95 2116
mqtt-client_1.14-1+deb10u1.dsc
8e1a951244cb82bddb4ca44375450f8599f31483b804b0b9b0cc163e0f711141 101812
mqtt-client_1.14.orig.tar.xz
9761aedec5ca5b274fa3abe66a92f8cb599b84232b8551e2895a13b240c72af4 3268
mqtt-client_1.14-1+deb10u1.debian.tar.xz
cc6849f1e3711e7a0809d75d2ed8fafd787c81a427e88a067e43f3c9f5ac4b73 116108
libmqtt-client-java_1.14-1+deb10u1_all.deb
d63106c8e3bfea249ef886bd106a6308d3a59ba2d73567baece6a7dfb447cccf 13037
mqtt-client_1.14-1+deb10u1_amd64.buildinfo
Files:
e87260a1698d6d14fd998f1a47683816 2116 java optional
mqtt-client_1.14-1+deb10u1.dsc
c5228636e7c18bb2cd2efe015fda2823 101812 java optional
mqtt-client_1.14.orig.tar.xz
691146c05252844efdc51a0affffb232 3268 java optional
mqtt-client_1.14-1+deb10u1.debian.tar.xz
548b573827f15b0650c5652fec3f3e1c 116108 java optional
libmqtt-client-java_1.14-1+deb10u1_all.deb
fd4347be79178092ccdc2567978a468d 13037 java optional
mqtt-client_1.14-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmC2ykUUHGFiaGlqaXRo
QGRlYmlhbi5vcmcACgkQhj1N8u2cKO/eyw//UwWBSkj+j4ZIWR9K5wrlpEQKbQTO
2YSrNZbaoYAX3ivaC1K/nqZ3R8mYXCFQxhIJemxiFKnf3Hlc04NIXuFaNDbMb9C/
6QXx1aTwGqutzOgAVDrJTsq5Q5W13SvJ5yLx+Sqre7samXGuCvLd/dfPgg+pV0sv
IAUBYebzhv7B/1oFtTjXsHVjliw42h1MGnkZdj9v6a4r/Uj++EifmTMhT6ptd0hs
+v+yOQIJR3Y2/oYZmJMeD4aGcPciCvUYN4Us3iEE95bn+yMz5Red8dTmi0Zn2Zky
U2226HGAaI2YLp0N4AIWuPxA1Oaj4TqOkjvwatxnZTqPTDROka8bJp/Bpw3dnuXl
NsJnEXPZzMlKasBUTnV0PEtluG/0apJl2sLzaiyyMsI4jeHdRHCSZb0gd4KyZL4X
Ow3TdsIidgDK5nvpMfw0FqIOsZgWvZcYORH0j7ea7RRgREOooR61ovopArRgl2FJ
kpRQ0znYJijSH5SAHxcri1PCee+pxNPINLrsn4mXocFL2srX4qkZe2PzwqJSGETD
re3TS4t1+XDNgIlTuCT1Yt0vsaHM/BjiFLMfZeFhv2RX/RiXN0LOD7qwTxTJvsQf
VForb4uX7npwox0MxRdxub5sP4787yuNVLazhM1EMwSbH7gZbqnt0eIVkrs6yOmy
QpcWy5Z+PLaRL24=
=NFuW
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
