c5c106e4e3
Fixes a security issue. From the announcement:

A vulnerability exists in Mosquitto versions 1.5 to 1.6.5 inclusive.

If a client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

The issue is fixed in Mosquitto 1.6.6 and 1.5.9. Patches for older versions are available at https://mosquitto.org/files/cve/2019-hier

The fix addresses the problem by restricting the allowed number of topic hierarchy levels to 200. An alternative fix is to increase the size of the stack by a small amount.

https://mosquitto.org/blog/2019/09/version-1-6-6-released/

Also notice that 1.6.5 silently fixed a security issue:

CVE-2019-11778

A vulnerability exists in Mosquitto version 1.6 to 1.6.4 inclusive, known as CVE-2019-11778.

If an MQTT v5 client connects to Mosquitto, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
8 lines
410 B
Plaintext
# Locally calculated after checking gpg signature
sha256 82676bf4201ff102be1511b56b041a9450fbbfeda40b21aa28be0fee56e8de17 mosquitto-1.6.6.tar.gz

# License files
sha256 cc77e25bafd40637b7084f04086d606f0a200051b61806f97c93405926670bc1 LICENSE.txt
sha256 3b9be6b894d0769de796e653571ff6cef494913c0ce78c35a97db939e7d9087c epl-v10
sha256 e8cf7d54ea46c19aba793983889b7f7425e1ebfcaaccec764a7db091646e203c edl-v10
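The announcement quoted in the commit message describes the mitigation as a cap of 200 topic hierarchy levels. The C sketch below is an added example, not Mosquitto's or Buildroot's code: it counts levels iteratively over the length-prefixed topic and stops at the cap, so neither stack depth nor work grows with the number of '/' separators. The function names and the exact counting rule (levels = separators + 1) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Cap named in the announcement quoted in the commit message. */
#define TOPIC_HIERARCHY_LIMIT 200

/*
 * Hypothetical helper: count topic levels without recursion.
 * MQTT topics are length-prefixed, so the length is passed explicitly
 * instead of relying on a NUL terminator.
 * Returns the level count, or -1 if the topic is NULL, empty, or has
 * more than TOPIC_HIERARCHY_LIMIT levels.
 */
int topic_levels_checked(const char *topic, size_t len)
{
    size_t i;
    int levels = 1; /* assumption: "a" is one level, "a/b" is two */

    if (topic == NULL || len == 0)
        return -1;

    for (i = 0; i < len; i++) {
        /* Bail out at the cap: work is bounded by the limit, not by len. */
        if (topic[i] == '/' && ++levels > TOPIC_HIERARCHY_LIMIT)
            return -1;
    }
    return levels;
}

/* Hypothetical gate to call before a topic reaches any subscription-tree code. */
int subscribe_topic_allowed(const char *topic, size_t len)
{
    return topic_levels_checked(topic, len) > 0;
}

int main(void)
{
    const char *ok = "sensors/kitchen/temp"; /* constructed sample topic */

    printf("%s -> %d levels, allowed=%d\n", ok,
           topic_levels_checked(ok, strlen(ok)),
           subscribe_topic_allowed(ok, strlen(ok)));
    return 0;
}
```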