Information on source package mosquitto

Available versions

jessie (security)1.3.4-2+deb8u3
stretch (security)1.4.10-3+deb9u4

Open issues

CVE-2018-12551vulnerable (no DSA, postponed)fixedfixedfixed
CVE-2018-12550vulnerable (no DSA, postponed)fixedfixedfixed
CVE-2018-12546vulnerable (no DSA, ignored)fixedfixedfixed

Resolved issues

CVE-2018-20145Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option ...
CVE-2018-12543In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is ...
CVE-2017-9868In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is ...
CVE-2017-7654In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability ...
CVE-2017-7653The Eclipse Mosquitto broker up to version 1.4.15 does not reject ...
CVE-2017-7652In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running ...
CVE-2017-7651In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server ...
CVE-2017-7650In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by ...

Security announcements

DSA / DLADescription
DSA-4388-2mosquitto - regression update
DSA-4388-1mosquitto - security update
DSA-4325-1mosquitto - security update
DLA-1525-1mosquitto - security update
DLA-1409-1mosquitto - security update
DLA-1334-1mosquitto - security update
DLA-1146-1mosquitto - security update
DSA-3865-1mosquitto - security update
DLA-961-1mosquitto - security update

Search for package or bug name: Reporting problems