[Buildroot] [PATCH] mosquitto: security bump to version 1.4.12
Peter Korsgaard
peter at korsgaard.com
Thu Jun 1 14:35:18 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set
> their username/client id to ‘#’ or ‘+’. This allows locally or remotely
> connected clients to access MQTT topics that they do have the rights to.
> The same issue may be present in third party authentication/access control
> plugins for Mosquitto.
> For more details, see:
> https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
> Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now
> upstream.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
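
An added example, not part of the original mail and not Mosquitto or Buildroot code: a simplified pattern-ACL check of the kind a third-party access control plugin might implement, shown next to a hardened variant that denies any username containing `+` or `#` before substitution. The function names, the `sensors/%u/data` pattern and the topics are constructed for illustration, and the topic matcher is deliberately simplified.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified MQTT filter match: '+' spans one level, '#' the remainder. */
static bool topic_matches(const char *filter, const char *topic)
{
    while (*filter) {
        if (*filter == '#')
            return true;
        if (*filter == '+') {           /* consume exactly one topic level */
            while (*topic && *topic != '/')
                topic++;
            filter++;
        } else if (*filter == *topic) {
            filter++;
            topic++;
        } else {
            return false;
        }
    }
    return *topic == '\0';
}

/* Naive check (the flaw class in the advisory): "%u" is replaced with the
 * client-supplied username and the result is used as a topic filter. */
static bool acl_check_naive(const char *pattern, const char *user, const char *topic)
{
    char filter[256];
    const char *p = strstr(pattern, "%u");
    int n = p ? snprintf(filter, sizeof filter, "%.*s%s%s", (int)(p - pattern), pattern, user, p + 2)
              : snprintf(filter, sizeof filter, "%s", pattern);
    return n >= 0 && (size_t)n < sizeof filter && topic_matches(filter, topic);
}

/* Hardened check: an identity containing a wildcard character is denied
 * before any substitution takes place. */
static bool acl_check_hardened(const char *pattern, const char *user, const char *topic)
{
    if (user == NULL || strpbrk(user, "+#") != NULL)
        return false;
    return acl_check_naive(pattern, user, topic);
}

int main(void)
{
    const char *pat = "sensors/%u/data", *topic = "sensors/bob/data"; /* constructed */
    printf("naive '+': %d  hardened '+': %d\n", acl_check_naive(pat, "+", topic), acl_check_hardened(pat, "+", topic));
    return 0;
}
```

The same guard applies to the client id when a plugin substitutes it into patterns.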