Bug#988109: mqtt-client: CVE-2019-0222
Salvatore Bonaccorso
carnil at debian.org
Wed May 5 21:22:21 BST 2021
Hi
Thanks for raising this problem.
On Wed, May 05, 2021 at 10:12:34PM +0200, Andreas Beckmann wrote:
> Source: mqtt-client
> Version: 1.14-1
> Severity: serious
> Tags: security
> User: debian-qa at lists.debian.org
> Usertags: piuparts
> Control: fixed -1 1.14-1+deb9u1
>
> Hi,
>
> CVE-2019-0222 is fixed in stretch-security but not buster, making
> upgrades difficult since stretch-security has a newer version than
> buster.
> Please upload the fix to buster, too.
>
> mqtt-client | 1.14-1 | stretch | source
> mqtt-client | 1.14-1 | buster | source
> mqtt-client | 1.14-1+deb9u1 | stretch-security | source
> mqtt-client | 1.16-1 | bullseye | source
> mqtt-client | 1.16-1 | sid | source
FWIW, the issue will not warrant a DSA, so a fix for it for buster
should go via an upcoming point release.
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list