[SECURITY] [DLA 1334-1] mosquitto security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : mosquitto
Version : 0.15-2+deb7u3
CVE ID : CVE-2017-7651 CVE-2017-7652
CVE-2017-7651
A crafted CONNECT packet from an unauthenticated client could
result in extraordinary memory consumption.
CVE-2017-7652
In case all sockets/file descriptors are exhausted, a SIGHUP
signal to reload the configuration could result in default
config values (especially bad security settings)
For Debian 7 "Wheezy", these problems have been fixed in version
0.15-2+deb7u3.
We recommend that you upgrade your mosquitto packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJav9JTXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHXJIQALUMNe9NaCPBKQaTJE3sKo2v
1CIAzcoTwZJzUr/x8zM8Bnompi7kh5j2V4G4GjJyJ31LZheDxRH/k35t1Ba6PAtl
TkTRgO/PVoJKYHIfyUinNvqzsXFpAzld08w5sVlA7zzxmnm6Ppwwdpk6g2hSIoSG
1Z5STvO6eJLiK8u6hXgkqyaY/4eKlfbTe+Fkd35LzoqJPEHNyLHDBsNQk8/VO1xn
3aNjsU7kc07n/qofFKcWZrlSt6L8Q+ucmHeinwOKT8r/H7/DxXr3yqQqXJ/C+/n+
cwjX5KTng5eEy27WmHv41oamaty4qmlM1uf/yX48th8FQdV6AV7uRK2Y+AKsat04
VaZdTBk4AZKn8u7A9jypqoILhU97SJyVO1jvO5Cqe2lP4OrT9J86MWDs496ZtQEb
4Qi6M76LueYoo7iggv67ATQKwXpARS3J8fMEo+0xBC+Oa76m016eotPkUdRpmmMC
08BSzI2tuQG3i4gbbz96u5bhCyGauFcjnWsTHD97MgCGz9LfBywkrk4eippp/sIF
rJMsYNJMfiJfB2L7f2dZ+heinTjM1x4KfKf+LceZiNcHy6SNycUFD0YLs9ZxvK90
/o5Diq8tjlCl6lxr4A3swvl3xxlpC+M9XuPgfWIsnWxKIQ6J+1Qmv4f6RVfNHAJc
cys3l3XIVUAWhqkkuvaF
=qQYi
-----END PGP SIGNATURE-----
Reply to: