Processing commands for cont...@bugs.debian.org:
> severity 1032029 normal
Bug #1032029 [mosquitto] mosquitto ignores ip address for websocket listeners
Severity set to 'normal' from 'serious'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1032029:
severity 1032029 normal
thanks
Hi,
I looked into this as it's the underlying reason for why a bunch of
packages are "flagged for removal" because of "buggy deps
mosquitto".
* Helmut Grohne [Sun Feb 26, 2023 at 08:37:13PM +0100]:
> If you configure a websocket listener for mosquitto with an IP
Package: mosquitto
Version: 2.0.11-1
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team
If you configure a websocket listener for mosquitto with an IP address
to bind to, mosquitto will instead bind the wildcard address. This
renders a secure configuration insecure.
A simple
3 matches
Mail list logo