[Buildroot] [PATCH] rabbitmq-server: security bump to version 3.6.6
Peter Korsgaard
peter at korsgaard.com
Mon Jan 16 10:53:51 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes a critical authentication vulnerability in the MQTT plugin
> (CVE-2016-9877):
> MQTT (MQ Telemetry Transport) connection authentication with a
> username/password pair succeeds if an existing username is provided but the
> password is omitted from the connection request. Connections that use TLS
> with a client-provided certificate are not affected.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list