[Git][security-tracker-team/security-tracker][master] Triage CVE-2019-11779/mosquitto for stretch and buster
Salvatore Bonaccorso
carnil at debian.org
Sat Nov 16 16:18:30 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ff3a94c by Salvatore Bonaccorso at 2019-11-16T16:17:32Z
Triage CVE-2019-11779/mosquitto for stretch and buster
The issue does not affect stretch and older as the issue was introduced
by upstream commit 883af8af5379 ("Better subtree searching.")[1].
[1] https://github.com/eclipse/mosquitto/commit/883af8af5379092097c6552a7a4a8c52409d2566
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24089,10 +24089,12 @@ CVE-2019-11780
CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ...)
{DLA-1972-1}
- mosquitto 1.6.6-1 (bug #940654)
+ [stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160
NOTE: https://github.com/eclipse/mosquitto/issues/1412
- NOTE: https://github.com/eclipse/mosquitto/commit/106675093177335b18521bc0e5ad1d95343ad652 (1.6.6)
- NOTE: https://github.com/eclipse/mosquitto/commit/84681d9728ceb7f6ea2b6751b4d87200d8a62f14 (1.5.9)
+ NOTE: Introduced by: https://github.com/eclipse/mosquitto/commit/883af8af5379092097c6552a7a4a8c52409d2566 (v1.5)
+ NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/106675093177335b18521bc0e5ad1d95343ad652 (1.6.6)
+ NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/84681d9728ceb7f6ea2b6751b4d87200d8a62f14 (1.5.9)
CVE-2019-11778 (If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1 ...)
- mosquitto 1.6.6-1
[buster] - mosquitto <not-affected> (Session expiry interval support introduced in 1.6)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2ff3a94c548591607b68f3466f0bbc2690c4a23e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2ff3a94c548591607b68f3466f0bbc2690c4a23e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191116/96df2b9c/attachment.html>
More information about the debian-security-tracker-commits
mailing list