9e9dee2534
Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set their username/client id to ‘#’ or ‘+’. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. For more details, see: https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/ Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now upstream. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| Config.in | ||
| mosquitto.hash | ||
| mosquitto.mk | ||
| mosquitto.service | ||
| S50mosquitto | ||