ola@tigereye:~/git/security-tracker$ bin/lts-cve-triage.py --skip-dla-needed --exclude undetermined
Updating ~/.cache/debian_security_tracker.json from https://security-tracker.debian.org/tracker/data/json ...
Updating /home/ola/.cache/security-support-ended.deb7 from https://salsa.debian.org/debian/debian-security-support/raw/master/security-support-ended.deb7 ...
Updating /home/ola/.cache/security-support-limited from https://salsa.debian.org/debian/debian-security-support/raw/master/security-support-limited ...
Other issues to triage for wheezy (not yet triaged for jessie):
* mosquitto https://security-tracker.debian.org/tracker/source-package/mosquitto
- CVE-2017-7651 https://security-tracker.debian.org/tracker/CVE-2017-7651
- CVE-2017-7652 https://security-tracker.debian.org/tracker/CVE-2017-7652
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : mosquitto
Version : 0.15-2+deb7u3
CVE ID : CVE-2017-7651 CVE-2017-7652
CVE-2017-7651
A crafted CONNECT packet from an unauthenticated client could
result in extraordinary memory consumption.
CVE-2017-7652
In case all sockets/file descriptors are exhausted, a SIGHUP
signal to reload the configuration could result in default
config values (especially bad security settings)
For Debian 7 "Wheezy", these problems have been fixed in version
0.15-2+deb7u3.
We recommend that you upgrade your mosquitto packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJav9JTXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25z Lm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJC OTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHXJIQALUMNe9NaCPBKQaTJE3s Ko2v
1CIAzcoTwZJzUr/x8zM8Bnompi7kh5j2V4G4GjJyJ31LZheDxRH/ k35t1Ba6PAtl
TkTRgO/PVoJKYHIfyUinNvqzsXFpAzld08w5sVlA7zzxmnm6Ppwwdpk6g2hS IoSG
1Z5STvO6eJLiK8u6hXgkqyaY/4eKlfbTe+Fkd35LzoqJPEHNyLHDBsNQk8/ VO1xn
3aNjsU7kc07n/qofFKcWZrlSt6L8Q+ucmHeinwOKT8r/H7/DxXr3yqQqXJ/C +/n+
cwjX5KTng5eEy27WmHv41oamaty4qmlM1uf/yX48th8FQdV6AV7uRK2Y+AKs at04
VaZdTBk4AZKn8u7A9jypqoILhU97SJyVO1jvO5Cqe2lP4OrT9J86MWDs496Z tQEb
4Qi6M76LueYoo7iggv67ATQKwXpARS3J8fMEo+0xBC+Oa76m016eotPkUdRp mmMC
08BSzI2tuQG3i4gbbz96u5bhCyGauFcjnWsTHD97MgCGz9LfBywkrk4eippp /sIF
rJMsYNJMfiJfB2L7f2dZ+heinTjM1x4KfKf+LceZiNcHy6SNycUFD0YLs9Zx vK90
/o5Diq8tjlCl6lxr4A3swvl3xxlpC+M9XuPgfWIsnWxKIQ6J+1Qmv4f6RVfN HAJc
cys3l3XIVUAWhqkkuvaF
=qQYi
-----END PGP SIGNATURE-----