f4df4a18e5
Fixes CVE-2017-7651: Unauthenticated clients can send a crafted CONNECT packet which causes large amounts of memory use in the broker. If multiple clients do this, an out of memory situation can occur and the system may become unresponsive or the broker will be killed by the operating system. The fix addresses the problem by limiting the permissible size for CONNECT packet, and by adding a memory_limit configuration option that allows the broker to self limit the amount of memory it uses. The hash of new tarball is not (yet) available through download.php, so use a locally calculated hash. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 lines
411 B
Plaintext
8 lines
411 B
Plaintext
# Locally calculated after checking gpg signature
|
|
sha256 7d3b3e245a3b4ec94b05678c8199c806359737949f4cfe0bf936184f6ca89a83 mosquitto-1.4.15.tar.gz
|
|
|
|
# License files
|
|
sha256 cc77e25bafd40637b7084f04086d606f0a200051b61806f97c93405926670bc1 LICENSE.txt
|
|
sha256 3b9be6b894d0769de796e653571ff6cef494913c0ce78c35a97db939e7d9087c epl-v10
|
|
sha256 e8cf7d54ea46c19aba793983889b7f7425e1ebfcaaccec764a7db091646e203c edl-v10
|