Philippe Coval uploaded new packages for mosquitto which fixed the following security problems: CVE-2024-8376 In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. For the bookworm-backports distribution the problems have been fixed in version 2.0.20-1~bpo12+1.
Attachment:
signature.asc
Description: PGP signature