[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-11779

Salvatore Bonaccorso carnil at debian.org
Sat Oct 19 23:13:19 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
093ede5c by Salvatore Bonaccorso at 2019-10-19T22:11:43Z
Update information on CVE-2019-11779

Directly reference the upstream issue and fixes in the 1.5.x and 1.6.x
branches.

According to Roger Light (upstream) this issue should affect versions
1.5 to 1.6.5 inclusive and was fixed in 1.6.6 and 1.5.9.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19634,7 +19634,9 @@ CVE-2019-11780
 CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ...)
 	- mosquitto 1.6.6-1 (bug #940654)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160
-	NOTE: patches available at https://mosquitto.org/files/cve/2019-11779/
+	NOTE: https://github.com/eclipse/mosquitto/issues/1412
+	NOTE: https://github.com/eclipse/mosquitto/commit/106675093177335b18521bc0e5ad1d95343ad652 (1.6.6)
+	NOTE: https://github.com/eclipse/mosquitto/commit/84681d9728ceb7f6ea2b6751b4d87200d8a62f14 (1.5.9)
 CVE-2019-11778 (If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1 ...)
 	- mosquitto 1.6.6-1
 	[buster] - mosquitto <not-affected> (Session expiry interval support introduced in 1.6)
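
Review bot: the `-` line removes the NOTE pointing at https://mosquitto.org/files/cve/2019-11779/ without a stated reason. The commit message explains why the issue and the 1.6.6 and 1.5.9 fix commits are added, but it does not say that the upstream patch directory is obsolete or redundant. Consider keeping that NOTE next to the three new ones, or saying in the commit message why it is dropped. Separately, the commit message attributes the affected range and fixed versions to upstream, while the entry records the fixed versions only as the parentheticals on the two commit lines. A short NOTE naming that source would keep the attribution with the data rather than only in the commit log.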



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/093ede5cba4a6a18747fcf96111aec53c094158b
