NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/mosquitto: security bump to v1.5.9

Browse Source 
This is a backportport of c5c106e4e3 into 2019.02

If a client sends a SUBSCRIBE packet containing a topic that consists of
approximately 65400 or more '/' characters, i.e.  the topic hierarchy
separator, then a stack overflow will occur.

The issue is fixed in Mosquitto 1.6.6 and 1.5.9.  Patches for older versions
are available at https://mosquitto.org/files/cve/2019-hier

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Titouan Christophe 2019-09-20 11:10:37 +02:00 committed by Peter Korsgaard
parent 060dbfc2f1
commit d30a52e9f2
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/mosquitto/mosquitto.hash
View File

@ -1,5 +1,5 @@
# Locally calculated after checking gpg signature
sha256 78d7e70c3794dc3a1d484b4f2f8d3addebe9c2da3f5a1cebe557f7d13beb0da4 mosquitto-1.5.8.tar.gz
sha256 d7b62aa0ca680b0d869d6883373903362f98326a6465fc6cd01a0b9e0e8f0333 mosquitto-1.5.9.tar.gz
# License files
sha256 cc77e25bafd40637b7084f04086d606f0a200051b61806f97c93405926670bc1 LICENSE.txt

2
package/mosquitto/mosquitto.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
MOSQUITTO_VERSION = 1.5.8
MOSQUITTO_VERSION = 1.5.9
MOSQUITTO_SITE = https://mosquitto.org/files/source
MOSQUITTO_LICENSE = EPL-1.0 or EDLv1.0
MOSQUITTO_LICENSE_FILES = LICENSE.txt epl-v10 edl-v10